Code name "Poodle" vulnerability

This vulnerability might be another that will cause some changes on the internet.
It seems that uses the fallback to 3.0 to create a man in the middle opportunity to disclosure information.

This is a interesting paper about it.
Solution at the moment is disable SSL 3.0, this might create problems with legacy users or users that have older browsers because they might not be able to access the site.
It might have a positive side, force everybody to use safer protocols. 🙂 and recent clients.

More information here:
https://www.openssl.org/~bodo/ssl-poodle.pdf

How to check if you are secure suing mmap
nmap –script ssl-cert,ssl-enum-ciphers -p 443,465,993,995 www.hjfr-info.com

How to check if you are secure using openssl
openssl s_client -connect www.hjfr-info.com:443

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.