Hire us

Vulnerability Discovered in SSL 3.0

Vulnerability Discovered in SSL 3.0

Vulnerability Discovered in SSL 3.0 – The stealth Poodle

SSL has been the matter of focus these pasts months and we cant just say it’s finished. Another vulnerability, this time discovered by Google Research Team is SSL 3.0. It’s still being used throughout the Web,While SSL 3.0 has already been around for almost 15 years,  and nearly every browser supports it.

The POODLE vulnerability is a weakness in version 3 of the SSL protocol that allows an attacker in a man-in-the-middle context to decipher the plain text content of an SSLv3 encrypted message.

POODLE as an acronym for Padding Oracle On Downgraded Legacy Encryption, researchers have shown that because of the widespread support for this, an attacker can assume it will be easy to find a situation where an SSLv3 connection can be forced and put to use for capturing private data or cookies.

What is being done?

First run this command to see if you are vulnerable or not. For Redhat Users:

#!/bin/bashret=$(echo Q | timeout 5 openssl s_client -connect "${1-`hostname`}:${2-443}" -ssl3 2> /dev/null)if echo "${ret}" | grep -q 'Protocol.*SSLv3'; thenif echo "${ret}" | grep -q 'Cipher.*0000'; thenecho "SSL 3.0 disabled"elseecho "SSL 3.0 enabled"fielseecho "SSL disabled or other error"fi

NOTE: This script takes the hostname of the server to check as the first argument and an optional port as the second. By default it will check the local system, port 443.

What actions do you need to take?

Developers/Sysadmins need to follow these recomendations in order to make this vulnerability non-exploitable.

  • Disable SSL 3.0 support or disable SSL 3.0 CBC-mode ciphers.
  • Implement the proper use of TLS_FALLBACK_SCSV to remediate the forced downgrade issue that is part of the vulnerability.

ClickIT Customers Protected

Any website or application server,  running on hands of the team are already protected against this vulnerability. SSLv3 has been completely disabled for anyone in our managed services plan.

If your server or website is still supporting SSLv3, dont worry! You have always the ClickIT team available to help 24/7!

Looking for a professional DevOps team to bring your project to life?

Subscribe

to our newsletter

Table of Contents

We Make
DevOps Easier

Hire an expert
From building robust applications to staff augmentation

We provide cost-effective solutions tailored to your needs. Ready to elevate your IT game?

Schedule a Call
BP2C Winner 2022 - Empresa acreditada ClickIT DevOps & Software Development

Services

Nearshore DevOps Outsourcing

Hire DevOps engineers 

Hire Remote DevOps 

Nearshore Software Development

Hire Python Developer

Hire React Developer

Hire PHP Developer

Hire Node.js Developer

Web development company

Web app development

Custom Software development

Industries

SaaS Development Consulting

SaaS Security Services

Fintech app development

Fintech Software Development

Healthcare SaaS

Healthcare Software Development

Healthcare app development

Top Locations

Software Companies in Dallas

Software Companies in San Diego

Software Companies in Los Angeles

Tech Companies in New York

Web Development Company in Houston

Web Development Companies in California

Location

Saltillo, México
+52 (844) 141-8485
Monterrey, México
+52 (811) 255-6467
Los Angeles, USA
+1 (512) 487-7554
Facebook Twitter Youtube Linkedin Spotify Instagram Tiktok

Contact us

Work with us now!

You are all set!
A Sales Representative will contact you within the next couple of hours.
If you have some spare seconds, please answer the following question