Update on SSL v3 “POODLE” Vulnerability Fix
Posted on 22 Oct 2014 by Adam
We’ve had a lot of support tickets coming in over the past few days regarding the recently discovered “POODLE” vulnerability in SSL v3, so thought it would be worthwhile writing a brief blog post just to explain the issue and what we’ve done to secure our servers against it.
After hearing about the discovery last week, we implemented immediate changes, and disabled SSL v3 & v2 on all of our Apache-based UK/US shared servers.
It’s important to also note that the vulnerability doesn’t affect SSL certificates themselves, and is instead related to the SSL protocol. This means there is no need for your SSL certificates to be revoked and re-issued.
The vulnerability would allow MITM (Man-In-The-Middle) attackers to intercept encrypted connections. Whilst a MITM (Man-In-The-Middle) attack would be rare, we prefer to take precautions to avoid any problems further down the line.
If you’d like us to fix this on your dedicated server, please create a support ticket here, and our technical support team will be happy to disable SSL v3 on your server.