POODLE (SSLv3)

Padding Oracle On Downgraded Legacy Encryption

“This server has SSLv3 protocol enabled and is vulnerable to Poodle (SSLv3) attack. Disable SSLv3 on the server."

Problem

In 2014, Google researchers discovered a vulnerability in the SSL 3.0 protocol dubbed the "POODLE" vulnerability (Padding Oracle On Downgrading Legacy Encryption).

While the SSL 3.0 protocol is enabled, a MITM (man-in-middle-attack) can intercept encrypted connections and calculate the plaintext of the intercepted connections.

SSL 3.0 vulnerabilities/security flaws are:

  • Message integrity is insecure.
  • Vulnerable to Man-In-The-Middle attack.

The most effective way to counter the POODLE attack is to disable the SSL 3.0 protocol.

Solution

Server-side

Disable the SSL 3.0 protocol on the server and enable TLS 1.2 or 1.3.

Client-side

Additionally, DigiCert recommends disabling the SSL 3.0 protocol and enabling the TLS protocols (1.2 or 1.3) on the client side.

About

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.