Mitigating POODLE vulnerability

The POODLE (Padding Oracle on Downgraded Legacy Encryption - CVE-2014-3566) uses the SSL version 3.0 protocol's vulnerability. This vulnerability makes it possible for the attacker to intercept the communication encrypted with the SSLv3 protocol. It is not present in TLS (Transport Layer Security) protocol anymore.

The following general solutions are advised in case of POODLE vulnerability:

turning off SSL 3.0 support on the client
turning off SSL 3.0 support on the server
blocking support for CBC-based encryption packages when using SSL 3.0 (either on the client or the server)

Any of these solutions will avert vulnerability.

For more details, we suggest Digital Ocean's tutorial and Valencity Networks's description.

Phone:	+36 1 279 6222 9am to 4pm
E-mail:	@email
Address:	H-1111 Budapest, Kende u. 13-17.