POODLE (SSLv3)

Padding Oracle On Downgraded Legacy Encryption

“This server has SSLv3 protocol enabled and is vulnerable to Poodle (SSLv3) attack. Disable SSLv3 on the server.”

Problem

In 2014, Google researchers discovered a vulnerability in the SSL 3.0 protocol dubbed the "POODLE" vulnerability (Padding Oracle On Downgraded Legacy Encryption).

While the SSL 3.0 protocol is enabled, a man-in-the-middle (MITM) attacker can intercept encrypted connections and recover the plaintext of the intercepted data.

SSL 3.0 vulnerabilities/security flaws:

  • Message integrity is insecure
  • Vulnerable to Man-In-The-Middle attack

The most effective way to counter the POODLE attack is to disable the SSL 3.0 protocol.

Solution

Server-side

Client-side

Additionally, DigiCert recommends disabling the SSL 3.0 protocol and enabling the TLS protocols (1.2 or 1.3) on the client side.
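As an added example (not part of the original advisory), the following Python probe sends a bare SSL 3.0 ClientHello and reports whether the server negotiates SSL 3.0, which is the check behind the scanner finding quoted at the top of this page. It assumes the constructed cipher-suite list and the response labels used here; verify a server before and after disabling SSL 3.0.

```python
import socket
import struct
import sys

# SSL 3.0 constants from RFC 6101; the probe only needs ClientHello/ServerHello/Alert.
SSLV3 = (3, 0)
CT_HANDSHAKE, CT_ALERT = 0x16, 0x15
HS_CLIENT_HELLO, HS_SERVER_HELLO = 0x01, 0x02
# Assumed suite list: a few CBC suites that SSL 3.0 servers commonly offer.
CIPHER_SUITES = bytes.fromhex("002f0035000a0005")

def build_sslv3_client_hello() -> bytes:
    """Return a minimal SSL 3.0 ClientHello record (no extensions, null compression)."""
    body = struct.pack("!BB", *SSLV3)                  # client_version = 3.0
    body += b"\x00" * 32                                # client random (fixed: probe only)
    body += b"\x00"                                     # session_id length = 0
    body += struct.pack("!H", len(CIPHER_SUITES)) + CIPHER_SUITES
    body += b"\x01\x00"                                 # one compression method: null
    handshake = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([CT_HANDSHAKE, *SSLV3]) + struct.pack("!H", len(handshake)) + handshake

def classify_response(data: bytes) -> str:
    """Classify the first record a server returns for the SSL 3.0 ClientHello."""
    if len(data) < 5:
        return "no-response"            # connection closed or record truncated
    ctype, _major, _minor, length = struct.unpack("!BBBH", data[:5])
    payload = data[5:5 + length]
    if ctype == CT_ALERT:
        return "sslv3-rejected"         # e.g. protocol_version or handshake_failure alert
    if ctype == CT_HANDSHAKE and payload[:1] == bytes([HS_SERVER_HELLO]):
        # ServerHello body starts after the 4-byte handshake header with server_version.
        if tuple(payload[4:6]) == SSLV3:
            return "sslv3-accepted"     # server negotiated SSL 3.0: the POODLE condition
        return "other-version"
    return "unexpected"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the ClientHello to a live server and classify its reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            data = sock.recv(4096)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return classify_response(data)

if __name__ == "__main__":
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

A result of "sslv3-accepted" means the server still negotiates SSL 3.0 and the finding stands; "sslv3-rejected" or "no-response" is what a correctly hardened server returns.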