Filter Blogs expand_more
Blog add
Authors add
1 Results for 'SSL 3.0'
Blog

By Bruce Morton

October 15, 2014

The POODLE attack (Padding Oracle On Downgraded Legacy Encryption) will allows items such as “secure” HTTP cookies or HTTP Authorization header contents to be stolen from downgraded communications. If POODLE is used against SSL 3.0, there is no workaround or corrective action that will mitigate the attack. The only solution is to stop supporting SSL 3.0. Disabling SSL 3.0 can be done either at the server or the client (e.g., browser) side. Most server administrators should consider disabling SSL 3.0.
Page 1 of 1