
POODLE (SSLv3)

Padding Oracle On Downgraded Legacy Encryption

Related error

"This server has SSLv3 protocol enabled and is vulnerable to Poodle (SSLv3) attack. Disable SSLv3 on the server."

Problem

In 2014, Google researchers discovered a vulnerability in the SSL 3.0 protocol dubbed "POODLE" (Padding Oracle On Downgraded Legacy Encryption).

While SSL 3.0 is enabled, a man-in-the-middle (MITM) attacker can intercept encrypted connections and recover the plaintext of the intercepted traffic.

SSL 3.0 has the following security flaws:

  • Its message integrity protection is insecure.

  • It is vulnerable to MITM attacks.

The most effective way to counter the POODLE attack is to disable the SSL 3.0 protocol.

Solution

Server-side

Disable the SSL 3.0 protocol on the server and enable TLS 1.2 or 1.3.

Client-side

Additionally, DigiCert recommends disabling the SSL 3.0 protocol and enabling the TLS protocols (1.2 or 1.3) on the client side.
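The two recommendations above (a TLS 1.2 floor on both server and client, and SSL 3.0 removed from the server's protocol list) as an added Python example; this is not DigiCert's code. It assumes Python's standard ssl module and the nginx ssl_protocols / Apache SSLProtocol directive syntax, and the directive strings it audits are constructed samples, not taken from any real server.

```python
"""Added example (not DigiCert's code): TLS contexts that refuse SSL 3.0, plus
an audit of nginx/Apache protocol directives for the POODLE-prone setting."""
import ssl

KNOWN_PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
_CANONICAL = {name.lower(): name for name in KNOWN_PROTOCOLS}


def hardened_server_context() -> ssl.SSLContext:
    """Server context that negotiates only TLS 1.2 or 1.3 (never SSL 3.0).

    A real deployment would also call load_cert_chain(); it is omitted because
    no certificate is needed to inspect the allowed version range."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuses SSLv3, TLS 1.0 and 1.1
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Client context with certificate verification on and a TLS 1.2 floor."""
    ctx = ssl.create_default_context()             # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def accepts_sslv3(ctx: ssl.SSLContext) -> bool:
    """True if the context could still negotiate SSL 3.0."""
    floor_allows = ctx.minimum_version <= ssl.TLSVersion.SSLv3
    not_blocked = not (ctx.options & ssl.OP_NO_SSLv3)
    return floor_allows and not_blocked


def context_floor(ctx: ssl.SSLContext) -> str:
    """Name of the lowest protocol version the context will negotiate."""
    return ctx.minimum_version.name


def enabled_protocols(directive: str) -> set:
    """Parse an nginx 'ssl_protocols ...;' or Apache 'SSLProtocol ...' directive
    into the set of protocols it enables.  Apache's 'all' keyword and '+'/'-'
    prefixes are honoured; 'all' is taken (as in Apache 2.4) to mean SSLv3 and
    every TLS version, never SSLv2."""
    tokens = directive.strip().rstrip(";").split()
    enabled = set()
    for token in tokens[1:]:                       # tokens[0] is the directive name
        sign = "+"
        if token[0] in "+-":
            sign, token = token[0], token[1:]
        if token.lower() == "all":
            names = set(KNOWN_PROTOCOLS[1:])
        else:
            names = {_CANONICAL.get(token.lower(), token)}
        if sign == "+":
            enabled |= names
        else:
            enabled -= names
    return enabled


def poodle_findings(directive: str) -> list:
    """Findings for one directive; an empty list means it follows the advice above."""
    findings = []
    enabled = enabled_protocols(directive)
    if "SSLv3" in enabled:
        findings.append("SSLv3 enabled: vulnerable to POODLE, remove it")
    if "SSLv2" in enabled:
        findings.append("SSLv2 enabled: obsolete, remove it")
    if not enabled & {"TLSv1.2", "TLSv1.3"}:
        findings.append("neither TLS 1.2 nor TLS 1.3 enabled")
    return findings


# Constructed sample directives (not copied from any real server):
WEAK_NGINX = "ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;"
FIXED_NGINX = "ssl_protocols TLSv1.2 TLSv1.3;"
WEAK_APACHE = "SSLProtocol all"
FIXED_APACHE = "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1"

if __name__ == "__main__":
    for d in (WEAK_NGINX, FIXED_NGINX, WEAK_APACHE, FIXED_APACHE):
        print(f"{d!r}: {poodle_findings(d) or 'OK'}")
    srv = hardened_server_context()
    print("server floor:", context_floor(srv), "| accepts SSLv3:", accepts_sslv3(srv))
```

The directive parser is the part to run over your own configuration: a directive that lists SSLv3 (or Apache's bare `all`) is the setting the error message above is reporting, and the fixed forms show the replacement. Setting `minimum_version` is preferred over the older `OP_NO_SSLv3` flag because it also rules out TLS 1.0 and 1.1 in one line.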