Poodlebleed vulnerability SSL version 3.0

This poodle bits...

Google Online Security blog released details of a SSLv3 vulnerability called POODLE attack. Here you’ll find links to all the important info, all in one place!

Official website: poodlebleed.com (Test your website against Poodlebleed)

Security advisory (PDF download) | Google Blog | Firefox Blog | OpenSSL update | Red Hat | Nice article Fedora Blog | Discussion on cPanel forums | Cloudflare.

Disable SSLv3 in web browsers

Firefox

  • Install the Mozilla add-on called “SSL Version Control”

Or

  • Type about:config into the navigation bar and press [Enter]
  • Accept the warning and proceed
  • Search for tls
  • Change the value of security.tls.version.min from 0 to 1 (0 = SSL 3.0; 1 = TLS 1.0)

Chrome

  • Upgrade to the latest version of Chrome

Or

  • Run Chrome with the following command-line flag: –ssl-version-min=tls1

Internet Explorer

  • Go to Settings -> Internet Options -> Advanced Tab -> Uncheck “SSLv3” under “Security”

Tags: , ,

8 Shares
Tweet
Share
Share
+1
Reddit