Code name "Poodle" vulnerability

This vulnerability might be another that will cause some changes on the internet.
It seems that uses the fallback to 3.0 to create a man in the middle opportunity to disclosure information.

This is a interesting paper about it.
Solution at the moment is disable SSL 3.0, this might create problems with legacy users or users that have older browsers because they might not be able to access the site.
It might have a positive side, force everybody to use safer protocols. 🙂 and recent clients.

More information here:

Click to access ssl-poodle.pdf

How to check if you are secure suing mmap
nmap –script ssl-cert,ssl-enum-ciphers -p 443,465,993,995

How to check if you are secure using openssl
openssl s_client -connect

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.