It seems that SSL just cannot stay out of the news. Another vulnerability, this time in SSL 3.0, has been disclosed on the Google Online Security Blog. While SSL 3.0 has already been around for almost 15 years, it’s still being used throughout the Web, and nearly every browser supports it.
The key point, though, is that even though newer and more secure protocol versions are out and are being used, browsers fall back to older protocols when connections fail. This means an attacker can cause connection problems with the intent of triggering a fallback to a deprecated version of SSL, leading to the exploitation of the service and allowing once-encrypted information to be seen in plain text. The newly disclosed vulnerability in SSL 3.0 does exactly this. It has been dubbed POODLE, an acronym for Padding Oracle On Downgraded Legacy Encryption.
If you’re in the less than one percent of users relying on outdated browsers, simply download a newer client such as Mozilla Firefox or Google Chrome. These leverage TLS, a more secure protocol than SSL, and have the added benefit of updating automatically, which can help you remain secure in the future!
If you are using the latest version of Firefox, Mozilla will be disabling SSL v3 by default in its November 25th Firefox update, but you don’t have to wait for that update: Mozilla has created a plugin that will allow you to set the minimum SSL version that Firefox will accept.

To turn off SSLv3 support in Internet Explorer 11: Setting -> Internet Options -> Advanced Tab -> Uncheck “SSLv3” under “Security”.
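To confirm that connections no longer settle on SSL 3.0 after these changes, you can read the version the server selected out of the ServerHello in a captured handshake. The following is an added example, not part of the original post; the function names and the sample records are constructed for illustration.

```python
import struct

# Wire values of the ServerHello server_version field (major, minor).
# TLS 1.3 also sends (3, 3) here and carries its real version in an extension.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
HANDSHAKE_RECORD = 22   # record-layer content type for handshake messages
SERVER_HELLO = 2        # handshake message type


def negotiated_version(record: bytes) -> str:
    """Return the protocol version the server selected in its ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, _major, _minor, length = struct.unpack("!BBBH", record[:5])
    if content_type != HANDSHAKE_RECORD:
        raise ValueError("not a handshake record")
    body = record[5:5 + length]
    if len(body) < length or len(body) < 6:
        raise ValueError("truncated handshake message")
    if body[0] != SERVER_HELLO:
        raise ValueError("not a ServerHello")
    # body[1:4] is the 24-bit message length; server_version follows it.
    return VERSIONS.get((body[4], body[5]), f"unknown ({body[4]}.{body[5]})")


def flag_ssl3(captures: dict) -> list:
    """Return the names of captured connections that settled on SSL 3.0."""
    return [name for name, rec in captures.items()
            if negotiated_version(rec) == "SSL 3.0"]


def sample_server_hello(major: int, minor: int) -> bytes:
    """Build a minimal ServerHello record (constructed test data, not a capture)."""
    hello = bytes([major, minor]) + bytes(32)      # version + 32-byte random
    hello += b"\x00" + b"\x00\x2f" + b"\x00"       # empty session id, suite, null compression
    msg = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BBBH", HANDSHAKE_RECORD, major, minor, len(msg)) + msg


# Constructed sample: one connection that fell back, one that did not.
CAPTURES = {
    "client-a (after forced fallback)": sample_server_hello(3, 0),
    "client-b": sample_server_hello(3, 3),
}

if __name__ == "__main__":
    for name, rec in CAPTURES.items():
        print(f"{name}: {negotiated_version(rec)}")
    print("SSL 3.0 still negotiated by:", flag_ssl3(CAPTURES))
```

Any connection this flags is one where both the client and the server still accept SSL 3.0, so at least one side has not yet had it disabled.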
As always, if you have questions or concerns, feel free to reach out to our support team anytime.