More about Poodle
You might have heard that Google discovered a 15 year old flaw in SSL 3.0, a security protocol that turns out isn’t quite as secure as originally thought SSL 3.0 could let remote attackers highjack Web browser sessions and gain access to personal data, like Web-based email.
The flaw takes advantage of a browser’s ability to fall back from the more secure TLS protocol to SSL where attackers can then gain access to session cookies on victim’s computers.
In addition Poodle SSLv3 flaw could give attackers access to browser session cookies.
TLS and SSL are protocols that let your computer create encrypted connections with servers. SSL was thought for a long time to be very secure, but over the past few months has proven to be vulnerable to attacks that show its encryption isn’t all that safe.
No more support for SSL v3
Mailfence therefore disabled websupport for SSLv3 support for our web servers. We do realise this creates big security compatibility issues for older Web browsers without TLS -websupport-support.
What should you do?
Most of the responsibility for addressing Poodle falls on our shoulders or the shoulders.
However, This doesn’t mean there isn’t anything end users should do:
- First, make sure you’re using a modern Web browser that supports secure TLS connections, and not something like Internet Explorer 6.
- Second, watch for browser updates that disable SSL support.