Repost: Red Hat Security – POODLE SSL 3.0 vulnerability

POODLE – An SSL 3.0 Vulnerability (CVE-2014-3566)

Red Hat Product Security has been made aware of a vulnerability in the SSL 3.0 protocol, which has been assigned CVE-2014-3566. All implementations of SSL 3.0 are affected. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack.

To mitigate this vulnerability, it is recommended that you explicitly disable SSL 3.0 in favor of TLS 1.1 or later in all affected packages.
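As an added example (not part of the Red Hat article), the following Python check reads web server configuration text and reports every protocol directive that still enables something older than TLS 1.1. It assumes Apache httpd's `SSLProtocol` and nginx's `ssl_protocols` directives as the packages being checked, and it assumes that Apache's `all` shortcut includes SSLv3, as it did on OpenSSL 1.0.1-era builds; the sample lines are constructed.

```python
import re

# Apache's "all" shortcut on OpenSSL 1.0.1-era builds (assumption: no "no-ssl3" build option).
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
# The advisory recommends TLS 1.1 or later, so every older protocol is reported.
WEAK = {"SSLv2", "SSLv3", "TLSv1"}
CANON = {p.lower(): p for p in APACHE_ALL | WEAK | {"TLSv1.3"}}
DIRECTIVE = re.compile(r"^\s*(SSLProtocol|ssl_protocols)\s+([^#;]+)", re.I)

def apache_enabled(args):
    """Apply SSLProtocol tokens left to right: '+' adds, '-' removes, a bare token replaces."""
    enabled = set()
    for tok in args:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = set(APACHE_ALL) if name.lower() == "all" else {CANON.get(name.lower(), name)}
        if sign == "+":
            enabled |= group
        elif sign == "-":
            enabled -= group
        else:
            enabled = group
    return enabled

def audit(text):
    """Return (line number, directive, weak protocols) for each directive that enables any."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue  # commented-out lines and unrelated directives
        args = m.group(2).split()
        enabled = (apache_enabled(args) if m.group(1).lower() == "sslprotocol"
                   else {CANON.get(a.lower(), a) for a in args})  # nginx: plain list
        weak = sorted(enabled & WEAK)
        if weak:
            findings.append((no, m.group(1), weak))
    return findings

# Constructed sample configuration lines, not taken from a real host.
SAMPLE = """\
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.1 TLSv1.2;
#SSLProtocol all
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A directive that is absent falls back to the server's built-in default, which this check does not see, so a clean result only covers the directives that are actually written in the file.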

Read the whole article via Red Hat Security.


  • The link on “Click here to order these materials” does not seem to work. Do you have an alternative link? I’d love to see this. Thanks in advance.

    • Mike Guerette

      Hello and thank you for your email.

      I’m not able to find your reference “Click here to order these materials” on my repost. Can you supply more information?

      Thanks,

      Mike

  • I have read that if your browser uses SSL 3.0 but the website you are visiting does not, you are not at risk. What’s your take on this?