POODLE (SSLv3)
Padding Oracle On Downgraded Legacy Encryption
Related error
"This server has SSLv3 protocol enabled and is vulnerable to Poodle (SSLv3) attack. Disable SSLv3 on the server."
Problem
In 2014, Google researchers discovered a vulnerability in the SSL 3.0 protocol, dubbed the "POODLE" vulnerability (Padding Oracle On Downgraded Legacy Encryption).
While the SSL 3.0 protocol is enabled, a man-in-the-middle (MITM) attacker can intercept encrypted connections and calculate their plaintext.
The security flaws of SSL 3.0 are:
Message integrity is insecure.
It is vulnerable to MITM attacks.
The most effective way to counter the POODLE attack is to disable the SSL 3.0 protocol.
Solution
Server-side
Disable the SSL 3.0 protocol on the server and enable TLS 1.2 or 1.3.
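The following Python check is an added example, not part of the original article and not DigiCert tooling. It scans web-server configuration text and flags any protocol directive that leaves SSLv3 enabled or fails to enable TLS 1.2 or 1.3. It assumes nginx `ssl_protocols` and Apache mod_ssl `SSLProtocol` syntax, treats Apache's `all` as including SSLv3, and runs on constructed sample lines; the function names are hypothetical.

```python
import re
# Protocol directives: nginx `ssl_protocols`, Apache mod_ssl `SSLProtocol`.
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.IGNORECASE)
MODERN = {"tlsv1.2", "tlsv1.3"}
# Assumption: "all" is treated as including SSLv3 (the conservative reading).
APACHE_ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}

def enabled_protocols(directive, tokens):
    """Return the lower-cased protocol names a directive leaves enabled."""
    if directive.lower() == "ssl_protocols":      # nginx: a plain list of names
        return {t.lower() for t in tokens}
    enabled = set()
    for tok in tokens:                            # simplified model of mod_ssl
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok.lstrip("+-").lower()
        names = APACHE_ALL if name == "all" else {name}
        if sign == "-":
            enabled -= names
        else:                                     # "+X" adds; bare "X" replaces
            enabled = (enabled | names) if sign == "+" else set(names)
    return enabled

def audit(config_text):
    """Return (line_number, finding) for every protocol directive found."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)                 # commented-out lines do not match
        if not m:
            continue
        enabled = enabled_protocols(m.group(1), m.group(2).split())
        if "sslv3" in enabled:
            findings.append((no, "SSLv3 enabled: exposed to POODLE"))
        elif not enabled & MODERN:
            findings.append((no, "no TLS 1.2/1.3 enabled"))
        else:
            findings.append((no, "ok"))
    return findings

# Constructed sample lines, not taken from any real server.
SAMPLE = """\
ssl_protocols SSLv3 TLSv1 TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
SSLProtocol all -SSLv3
SSLProtocol -all +TLSv1.2 +TLSv1.3
# ssl_protocols SSLv3;
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The check only reports on directives that are present in the text; a configuration with no protocol directive falls back to the server's built-in defaults, which this example does not evaluate.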
Client-side
Additionally, DigiCert recommends disabling the SSL 3.0 protocol and enabling the TLS protocols (1.2 or 1.3) on the client side.