How we are dealing with POODLE bug

Recently Google security researchers found a bug in SSL v3 cryptography protocol which could be exploited to intercept data that’s supposed to be encrypted between computers and servers. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, is a problem because it’s used by both websites and web browsers.

This bug is not as serious as the Heartbleed bug in OpenSSL, but some clients are wondering how we will address this issue. We disabled using SSL v3 on all our Azure servers that host websites for our clients. From last night, no one can access our web services using SSL v3.

If you use default settings on your browser, there should be no problems. If you turn off all other secure protocols such as TLS 1.0, TLS 1.1, TLS 1.2, etc., then you will get a message stating, “Turn on SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2 in Advanced settings and try connecting to again.”

If you get this message, you will need to turn on any other secure protocol if you want to use our services.

Listed under RB Web, RB8 | Tagged