POODLE: SSLv3.0 vulnerability

Oct - 15 2014 | By

Another SSL Vulnerability has been found in SSL v3.0.  You should consider changing to use TLS 1.0, 1.1 or 1.2.

It is recommended to disable SSL v 3.0 on your secure websites. I recommend disabling at least PCT 1.0, SSL 2.0, SSL 3.0 on your IIS Servers.

IIS 3.0-6.0 http://support.microsoft.com/kb/187498
IIS 7.0+ http://support.microsoft.com/kb/245030
RedHat Linux products https://access.redhat.com/articles/1232123

Follow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 for more details

POODLE Security Advisory https://www.openssl.org/~bodo/ssl-poodle.pdf

Some are recommending disabling SSL 3.0 support in Internet Explorer, Chrome, Firefox and other browsers.  That can prevent you from being able to access some websites.  Be careful in disabling that support in your browser.

Internet Explorer – https://technet.microsoft.com/library/security/3009008.aspx

Firefox – https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/

Chrome – http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html (not secure yet)

Safari – secure with Security Update 2014-005 released 10/17/2014 for Mac OS 10.8 and 10.9, 10.10 should already be secured.

Michael Spice can help you with securing your websites, browsers and testing to make sure your content is secure.