We’d like to inform you of a new vulnerability (disclosed by Google on October 14th, 2014) in the SSL 3.0 protocol. The vulnerability labelled POODLE (Padding Oracle On Downgraded Legacy Encryption), can enable crucial information to be intercepted by third parties in communications with servers which enable SSL 3.0.
The issue is not linked to the SSL Certificates themselves but to the version of the protocol used when carrying out encrypted transactions. A vulnerability was discovered in the SSL 3.0 protocol, which can allow an attacker to have access to personal information such as passwords and cookies.
SSL 3.0 is still widely used, even though it is 18 years old, and the more secure TLS protocol has been available for 15 years.
To achieve secure encryption, SSL 3.0 has been disabled to protect against downgrade attacks.
