Poodlebleed a new threat to SSL

by Magento Developer
It's only fair to share...Pin on Pinterest
Pinterest
Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin

poodlebleed
A very critical vulnerability in SSL v3.0 has been discovered recently. Poodlebleed is a vulnerability in the design of SSL version 3.0. Poodle is actually an acronym for Padding Oracle On Downgraded Legacy Encryption. The vulnerability allows the decryption to plaintext of sensitive data sent via secure connections.

Remedy:

It is a protocol flaw, not an implementation issue, so every implementation of SSL 3.0 suffers from it. The TLS versions are not affected, so the fix is radical: disable the support of SSLv.3.0 on your server side and switch to TLS. In addition to disabling SSLv3.0 on your own server, you should be ready that the other services your store integrates with (Payment and Shipping Integrations, Antifraud Service, etc) will switch to TLS. For this reason the HTTPS modules (or bouncers) you use on your server for background outbound connections – OpenSSL, perl Net::SSLeay or LibCurl, cURL – are to be of the most recent versions which support TLS.

Related Posts