POODLE Attack: Difference between revisions

From NovaOrdis Knowledge Base

Revision as of 00:38, 7 January 2016

Internal

External

Overview

The POODLE attack (CVE-2014-3566) exploits a flaw in the CBC encryption scheme as implemented in the SSL 3 protocol. TLS 1.0 is immune to it. To exploit POODLE successfully, the attacker must be able to inject malicious JavaScript into the victim's browser and also be able to observe and manipulate encrypted network traffic on the wire.

Disable SSL3 on Apache httpd

To disable SSLv3 on httpd, modify the SSLProtocol directive at the top level in ssl.conf:

SSLProtocol All -SSLv2 -SSLv3

This gives you support for TLSv1.0, TLSv1.1 and TLSv1.2, and explicitly removes support for SSLv2 and SSLv3.
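
A top-level setting can still be overridden by another SSLProtocol line elsewhere in the configuration, so it is worth checking every occurrence. The following is an added example, not part of the original page or of httpd: a small Python audit that evaluates each SSLProtocol line left to right and reports the ones that leave SSLv3 enabled. The function names and the sample configuration are constructed for illustration, and `All` is assumed to expand to SSLv3 plus TLSv1.0 to TLSv1.2, matching the result described above.

```python
import re

# Assumption: "All" covers SSLv3 and TLSv1.0-1.2, as on the builds this page
# describes; other httpd/OpenSSL builds may expand it differently.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
KNOWN = {p.lower(): p for p in ALL | {"SSLv2"}}

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right and return the enabled set."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-").lower()
        if name == "all":
            chosen = set(ALL)
        elif name in KNOWN:
            chosen = {KNOWN[name]}
        else:
            raise ValueError(f"unknown protocol {token!r}")
        if action == "-":
            enabled -= chosen
        elif action == "+":
            enabled |= chosen
        else:
            enabled = chosen  # a bare name replaces everything set so far
    return enabled

DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def audit(conf_text):
    """Return (line_no, args) for each SSLProtocol line that leaves SSLv3 on."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)  # lines starting with '#' do not match
        if m and "SSLv3" in effective_protocols(m.group(1)):
            findings.append((no, m.group(1)))
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
SSLProtocol All -SSLv2 -SSLv3
<VirtualHost *:443>
    # SSLProtocol All
    SSLProtocol -SSLv3 All
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol All -SSLv2
</VirtualHost>
"""

if __name__ == "__main__":
    for no, args in audit(SAMPLE):
        print(f"line {no}: SSLProtocol {args} still enables SSLv3")
```

The second directive in the sample shows why order matters: a bare `All` after `-SSLv3` resets the set and turns SSLv3 back on.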