POODLE

At a glance (as per wiki)

The POODLE attack (which stands for "Padding Oracle On Downgraded Legacy Encryption") is a man-in-the-middle exploit which takes advantage of Internet and security software clients' fallback to SSL 3.0. If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages. Bodo Möller, Thai Duong and Krzysztof Kotowicz from the Google Security Team discovered this vulnerability; they disclosed the vulnerability publicly on October 14, 2014.

http://en.wikipedia.org/wiki/POODLE

As SSLv3 is a quite weak and outdated cypher, the pragmatic (and easy) approach was to simply disable it.

With the exception of ancient Internet Explorer versions not being able to connect to the webserver any more, this worked quite well.
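
One way to confirm that disabling SSLv3 actually took effect on a server you operate, as an added example that is not part of the original post: it sends a hand-built ClientHello that offers only SSL 3.0 and classifies the first bytes of the reply. The function names, the cipher suite list and the result strings are assumptions made for this sketch.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"  # protocol version 3.0 on the wire
# Assumed suite list: RSA key exchange with CBC and RC4 ciphers, as legacy clients offer.
SUITES = [0x002F, 0x0035, 0x000A, 0x0005]

def build_ssl3_client_hello(random_bytes=None):
    """Return one SSLv3 record carrying a ClientHello that offers only SSL 3.0."""
    rnd = random_bytes if random_bytes is not None else os.urandom(32)
    suites = b"".join(struct.pack("!H", s) for s in SUITES)
    body = (SSL3 + rnd + b"\x00"                       # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites  # cipher suite list
            + b"\x01\x00")                             # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1, 24-bit length
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_reply(data):
    """Interpret the first bytes a server sends back to the SSLv3-only hello."""
    if not data:
        return "refused"            # server closed the connection without answering
    if data[0] == 0x15:
        return "refused"            # alert record, e.g. handshake_failure
    # Handshake record whose first message is a ServerHello (type 2) at version 3.0
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02 and data[9:11] == SSL3:
        return "accepted"           # SSLv3 is still enabled
    return "unknown"

def check_host(host, port=443, timeout=5.0):
    """Send the hello to host:port and classify what comes back."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_ssl3_client_hello())
        try:
            while len(buf) < 11:    # enough to see the ServerHello version field
                chunk = sock.recv(4096)
                if not chunk:
                    break
                buf += chunk
        except (ConnectionResetError, socket.timeout):
            pass                    # reset or silence after the hello counts as no answer
    return classify_reply(buf)
```

A result of "accepted" from `check_host` means the server still negotiates SSL 3.0 and the configuration change has not been applied to that listener.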