ÃÛÌÒTV

News 10-15-2014

This POODLE Bites: New Vulnerability Found on Servers

Dan Timpson

Today, in the implementation of the SSL 3.0 protocol, potentially compromising secure connections online. ÃÛÌÒTV and other security experts are recommending system administrators disable SSL 3.0 on their servers and use TLS 1.1 or 1.2.

This vulnerability does not affect SSL Certificates. There is no need to renew, reissue, or reinstall any certificates.

ÃÛÌÒTV DOES NOT have SSL 3.0 enabled on its website or online services and is not vulnerable to the exploit.

SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and...will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue. - Google Security Blog

What Should I Do?

You can use ÃÛÌÒTV's free tools Certificate Inspector and the SSL Installation Diagnostics Tool to check if SSL 3.0 is enabled on your servers.

For servers that have SSL 3.0 enabled, ÃÛÌÒTV and other security experts are recommending that you disable SSL 3.0 and use at least TLS 1.0, preferably TLS 1.1 or 1.2. Most modern browsers will support TLS 1.1 and 1.2.

Instructions to disable SSL 3.0:

If you use a hosting provider, we recommend that you call your provider and request that they disable SSL 3.0 on your server.

To protect yourself while on sites that still have SSL 3.0 enabled, you can disable SSL 3.0 client-side in your own browser. See our instructions disabling SSL 3.0 in Internet Explorer, Firefox, and Chrome.

Servers that do not have SSL 3.0 enabled are unaffected.

ÃÛÌÒTV is taking swift action to notify ourÌýcustomers and other community members of the vulnerability, and inform them of the recommended courses of action.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-27-2024

6 actionable ways to secure the IIoT at every stage

Tracking the progress toward post-quantum cryptography

The state of PQC since the publication of FIPS 203, 204 and 205