Google security researchers have discovered a new vulnerability in SSL 3.0.This vulnerability allows the plaintext of secure connection to be calculated by a network attacker. Researchers dubbed this attack as "POODLE", stands for Padding Oracle on Downgraded Legacy Encryption.
A fix to the problem is to add "TLS_FALLBACK_SCSV" support.This is the mechanism that solves the problem caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0,which will also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.
Google chrome and Google servers have supported TLS_FALLBACK_SCSV since February 2014 which can be used without compatibility problems.However, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0 .
Google said it will be completely removing the support for SSL 3.0 from its clients products in the coming months.
Google chrome and Google servers have supported TLS_FALLBACK_SCSV since February 2014 which can be used without compatibility problems.However, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0 .
Google said it will be completely removing the support for SSL 3.0 from its clients products in the coming months.
Post a Comment