SSL 3.0 Vulnerability - Google Already Patched Theirs

Oct 15, 2014 - 8:23 am 3 by
Filed Under Usability

SSL lock errorYesterday, Google announced a serious exploit in the 15-year old SSL 3.0 design.

It is called the POODLE Attack, which stands for Padding Oracle On Downgraded Legacy Encryption. It is a "man in the middle" exploit which takes advantage of web browsers' fallback to SSL 3.0. You can read all the technical details in this Google paper.

Google said the solution is to not support it.

Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.

Google said in the coming months they will disable SSL 3.0 support completely from their products.

You can read a lot more about this at Techmeme.

I do wonder if Google's search results will start labeling sites with SSL 3.0 issues.

Forum discussion at WebmasterWorld.


Popular Categories

The Pulse of the search community


Search Video Recaps

Google Core Update Volatility, Helpful Content Update Gone, Dangerous Search Results & Ads Confusion - YouTube
Video Details More Videos Subscribe to Videos

Most Recent Articles

Google Search Engine Optimization

Google Will Fight Site Reputation Abuse Spam Both With Manual Actions & Algorithms

Apr 16, 2024 - 7:51 am

Google Search Tests Thumbs Up/Down Buttons In Product Grid Results

Apr 16, 2024 - 7:41 am
Google Ads

Google Ads "Similar Product" Carousel

Apr 16, 2024 - 7:31 am
Google Search Engine Optimization

Clarification: Google Search Supports Images Referenced From src Attribute

Apr 16, 2024 - 7:21 am
Google AdSense

Google AdSense New Ad Intents Formats - Links & Anchors In Content

Apr 16, 2024 - 7:11 am
Search Forum Recap

Daily Search Forum Recap: April 15, 2024

Apr 15, 2024 - 4:00 pm
Previous Story: Google Report Says People Really Use Google Voice Search