POODLE SSL v3 Vulnerability

Over the last few days a new vulnerability has been discovered in the SSL protocol similar to that of the Heartbleed bug from a few months ago. This vulnerability called POODLE (which stands for Padding Oracle On Downgraded Legacy) involves the SSL v3 protocol. The guys over at the Mozilla Foundation, creators of the Firefox web browser describe it better than I can. To that extent they also announced that Firefox v34.0, slated for release November 25th, 2014 will no longer support SSL v3.

We have already patched all of our SSL-using clients and hosts to no longer allow the SSL v3 protocol. If you’re counting all of our systems use TLS v1.2.

So sleep well, dear clients, knowing that your data is still being protected!

Leave a Comment