Skip to main content
View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Explore Blog
Categories
570
  1. Cloud Consulting Services
    4
  2. Cloud Overviews
    42
  3. Compute
    9
  4. Containers (Kubernetes, Docker)
    31
  5. Databases
    18
  6. Developer Tools
    30
  7. Linode
    243
  8. Linux
    69
  9. Multicloud
    4
  10. Networking
    29
  11. Open Source
    5
  12. Partner Network
    7
  13. Security
    58
  14. Storage
    21
Authors 570
  1. Abe Massry 2
  2. Al Newkirk 1
  3. Alexander Newnham 2
  4. Andrew Sauber 1
  5. Andrew Stebbins 2
  6. Andy Stevens 4
  7. Bradley LaBoon 1
  8. Blair Lyon 11
  9. Billy Thompson 5
  10. Christopher Aker 176
  11. Cassie Bubnis 1
  12. Daniele Polencic 3
  13. David Monschein 2
  14. David Rodriguez 1
  15. Dan Spataro 2
  16. Elvis Segura 1
  17. Gardiner Bryant 1
  18. Holden Morris 4
  19. Hillary Wilmoth 56
  20. Jim Ackley 4
  21. Jessica Capuano Mora 1
  22. Justin Cobbett 11
  23. Jon Frederickson 1
  24. Jonathan Hill 2
  25. Justin Mitchel 4
  26. James Steel 5
  27. Jamie Sherkness 8
  28. Linode 52
  29. Linode Events 8
  30. The Linode Security Team 121
  31. The Linode Network & Security Teams 1
  32. LINQ 1
  33. Leslie Salazar 1
  34. Michelle Berg 1
  35. Mitch Donaberger 1
  36. Mike Fischler 1
  37. Mike Maney 9
  38. Maddie Presland 15
  39. Mike Quatrani 4
  40. Nathan Melehan 2
  41. Nigel Poulton 1
  42. Rick Myers 7
  43. Richard Tubb 1
  44. Sal Carrasco 1
  45. Shawn Michels 1
  46. Linode Support 12
  47. Tom Asaro 18
BlogCloud OverviewsPOODLE SSL 3.0 Vulnerability

POODLE SSL 3.0 Vulnerability

Linode
The Linode Security Team
October 15, 2014

Yesterday, Google published the discovery of an SSL 3.0 vulnerability named “POODLE.” This vulnerability allows an attacker to decrypt transferred data and successfully read plain text. While many browsers support newer, more secure protocols, an attacker can create connectivity issues, causing the browser to fall-back to the vulnerable SSL 3.0 protocol.

Is Linode Infrastructure Vulnerable?

We have disabled SSL 3.0 on our web servers, NodeBalancers, and the rest of our infrastructure. Quick execution from our Security Team has protected our infrastructure from this vulnerability.

Am I Vulnerable?

If your Internet-facing Linode allows for encrypted connections you will need to make sure that SSL 3.0 is completely disabled. This doesn’t mean that a stronger protocol such as TLS is offered first but rather that SSL 3.0 should not be an option at all. You can check if you’re vulnerable and how to disable SSL 3.0 using our guide: Disabling SSLv3 for POODLE.

You might also like...

DevOps and the Public Cloud: Selecting the Right Cloud Provider

DevOps and the Public Cloud: Selecting the Right Cloud Provider

New Techstrong Research reveals how organizations are preparing for a multicloud future and how it will impact selection of cloud providers.
Cloud Overviews
devops research ebook cover

DevOps and the Public Cloud: The Move to the Distributed Cloud

New Techstrong Research focuses on the eventual move to the distributed cloud and a developer-friendly environment.
Cloud Overviews
The Move to the Distributed Cloud: What DevOps Expects from Public Cloud Providers

The Move to the Distributed Cloud: What DevOps Expects from Public Cloud Providers

On-Demand
Attend this webinar to hear the latest 2022 DevOps and the Public Cloud research from Techstrong Research.
Cloud Overviews

Comments (8)

  1. Author Photo
    水景一页

    Thank you guys for this rapid response.
    I think you should give a handy simple way on how to disable ssl 3.0 or deploy TLS_FALLBACK_SCSV into a server, such as how to change ssl.conf file.

    Reply
  2. Author Photo
    Paul

    In response to 水景一页, the Zmap people have put together a great resource:

    https://zmap.io/sslv3/

    There’s a nice cheat sheet for a few of the server-side packages:

    https://zmap.io/sslv3/servers.html

    Reply
  3. Author Photo
    Ricardo Feliciano

    The post has been updated with our guide on how to check for and then disable SSL 3.0.

    Reply
  4. Author Photo
    Asfihani

    Hi,

    This guy is kindly enough to provide backported dovecot 2.0.9 which has SSlv3 disabled: https://fh.kuehnel.org/doevcot-ssl3/.

    Reply
  5. Author Photo
    John Sanderson

    will there be any option in the near future to support SSL3 with TLS_FALLBACK_SCSV?

    IE6 may be dwindling, but it’s still out there in some markets.

    Reply
  6. Author Photo
    Top Blogger

    Thank you so Much for Helpful Tips.

    Reply
  7. Author Photo
    George

    TLS_FALLBACK_SCSV on web server end is only part of the solution as it only works if client web browser end supports TLS_FALLBACK_SCSV https://community.centminmod.com/threads/poodle-attacks-on-sslv3-vulnerability.1651/page-3#post-8351 . So until all web browsers update to support such, SSLv3 should be disabled on server end.

    Reply
  8. Author Photo
    Ishmam Tahaseen

    Thank you So Much @George

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *