Does this apply to SSLv2 as well?
I can't wait to see POODLE take over the internet! Thank goodness we have heroes to save us from the evils of SSL 3.0 and such and such, etc.
Not sure how to enable TLS_FALLBACK_SCSV on apache or nginx.To test I just disabled SSLv2 and SSLv3 on my personal https web site, so far so good all browsers (modern) traffic goes thru.
nvd still says it is under review. Is there a patch coming?
It's strange, but google.com is also vulnerable to POODLE attack:https://www.ssllabs.com/ssltest/analyze.html?d=google.com&s=22.214.171.124&hideResults=on
Post a Comment