Mitigating POODLE vulnerability
The POODLE (Padding Oracle on Downgraded Legacy Encryption - CVE-2014-3566) uses the SSL version 3.0 protocol's vulnerability. This vulnerability makes it possible for the attacker to intercept the communication encrypted with the SSLv3 protocol. It is not present in TLS (Transport Layer Security) protocol anymore.
The following general solutions are advised in case of POODLE vulnerability:
- turning off SSL 3.0 support on the client
- turning off SSL 3.0 support on the server
- blocking support for CBC-based encryption packages when using SSL 3.0 (either on the client or the server)
Any of these solutions will avert vulnerability.
For more details, we suggest Digital Ocean's tutorial and Valencity Networks's description.