Click for a hub of Extension resources related to the current COVID-19 situation.
COVID-19 Resources
Texas A&M AgriLife IT Security
Texas A&M AgriLife IT SecurityLatest IT news & tips to keep your computer safe

SSLv3.0 vulnerable to MITM attack – suggest SSLv3.0 be disabled in favor of TLS1.1/1.2

by

On Tuesday, October 14, a proof of concept exploit was made public for a vulnerability in SSLv3.0. SSL version 3.0 is a cryptographic protocol that is used by both web servers and clients to encrypt data during transmission. If successful, the exploit could enable a Man-in-the-middle attack that could divulge data intended to be encrypted.  Current recommendations include disabling SSLv3.0 in favor of TLS 1.1 and 1.2.

The links below provide details on both the proof of concept exploit and also mitigation recommendations .

Original announcement

https://isc.sans.edu/diary/SSLv3+POODLE+Vulnerability+Official+Release/18827

Recommendations

https://isc.sans.edu/diary/POODLE%3A+Turning+off+SSLv3+for+various+servers+and+client.++/18837

Microsoft advisory

https://technet.microsoft.com/library/security/3009008