SSLv3 Support Disabled By Default Due to POODLE Vulnerability

What's this blog post about?

A new vulnerability in SSL called POODLE has been discovered. It targets the SSLv3 protocol and allows an attacker to compromise encryption. CloudFlare has disabled SSLv3 by default across its network for all customers, which affects some older browsers such as Internet Explorer 6 on Windows XP or older. The company is working with partners to ensure support for HTTPS over protocols other than SSLv3. Business and Enterprise customers who prioritize broad browser support over the risk posed by this vulnerability have an option to enable SSLv3, but the recommendation is to leave it disabled unless there is a specific reason to enable it. Google's BoringSSL fork of OpenSSL may provide protection against SSL connection downgrades, mitigating the largest risk posed by this vulnerability.

Company
Cloudflare

Date published
Oct. 14, 2014

Author(s)
Matthew Prince

Word count
582

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.