SSL has been the matter of focus these pasts months and we cant just say it’s finished. Another vulnerability, this time discovered by Google Research Team is SSL 3.0. It’s still being used throughout the Web,While SSL 3.0 has already been around for almost 15 years, and nearly every browser supports it.
The POODLE vulnerability is a weakness in version 3 of the SSL protocol that allows an attacker in a man-in-the-middle context to decipher the plain text content of an SSLv3 encrypted message.
POODLE as an acronym for Padding Oracle On Downgraded Legacy Encryption, researchers have shown that because of the widespread support for this, an attacker can assume it will be easy to find a situation where an SSLv3 connection can be forced and put to use for capturing private data or cookies.
First run this command to see if you are vulnerable or not. For Redhat Users:
#!/bin/bashret=$(echo Q | timeout 5 openssl s_client -connect "${1-`hostname`}:${2-443}" -ssl3 2> /dev/null)if echo "${ret}" | grep -q 'Protocol.*SSLv3'; thenif echo "${ret}" | grep -q 'Cipher.*0000'; thenecho "SSL 3.0 disabled"elseecho "SSL 3.0 enabled"fielseecho "SSL disabled or other error"fi
NOTE: This script takes the hostname of the server to check as the first argument and an optional port as the second. By default it will check the local system, port 443.
Developers/Sysadmins need to follow these recomendations in order to make this vulnerability non-exploitable.
Any website or application server, running on hands of the team are already protected against this vulnerability. SSLv3 has been completely disabled for anyone in our managed services plan.
If your server or website is still supporting SSLv3, dont worry! You have always the ClickIT team available to help 24/7!
Have you ever questioned how self-driving cars navigate without human input, how chatbots can carry…
Advanced prompt engineering strategies are important when extracting maximum value from Large Language Models (LLMs).…
Today, I will discuss which one is better, Python vs Node.js for AI development, so…
At this point, if AI isn’t part of your application, you’re falling behind in a…
As a CEO, I know that attending the top AI conferences 2025 is an excellent…
Why is Python frequently regarded as the top programming language for developing Artificial Intelligence? Based…