Poodlebleed a new threat to SSL

Poodlebleed, a critical vulnerability in the design of SSL version 3.0, has been discovered recently. POODLE is an acronym for Padding Oracle On Downgraded Legacy Encryption. The vulnerability allows sensitive data sent over secure connections to be decrypted to plaintext.

Remedy:

It is a protocol flaw, not an implementation issue, so every implementation of SSL 3.0 suffers from it. The TLS versions are not affected, so the fix is radical: disable SSL 3.0 support on your server and switch to TLS. In addition to disabling SSL 3.0 on your own server, be prepared for the other services your store integrates with (payment and shipping integrations, antifraud service, etc.) to switch to TLS. For this reason, the HTTPS modules (or bouncers) your server uses for background outbound connections (OpenSSL, Perl Net::SSLeay, libcurl, cURL) must be recent versions that support TLS.