Today, Google released a security advisory on a vulnerability in SSLv3. Nicknamed POODLE (yes, the dog!), the vulnerability makes it possible to decrypt “secure” HTTP cookies or authentication headers. To exploit this, an attacker could easily cause a connection failure that forces a browser to use SSLv3. Because this security vulnerability has widespread implications, we wanted to share a few tips to secure your site from this issue.
If your site supports SSL 3.0, you can prevent attacks by:
- removing SSL 3.0 support
- supporting TLS_FALLBACK_SCSV
- using a service like Cloudflare that disables it by default.
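To confirm that SSL 3.0 support has actually been removed, the following added example (not part of the original post) scans web server configuration text for directives that still enable SSLv3. It assumes nginx's ssl_protocols and Apache's SSLProtocol directives, treats Apache's "all" shortcut as including SSLv3, and uses a constructed sample config; find_sslv3 is a hypothetical helper name.

```python
# Assumption: Apache's "all" shortcut is treated as including SSLv3, which is
# the conservative reading for an audit. Names are compared case-insensitively.
APACHE_ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

def nginx_allows_sslv3(args):
    """nginx ssl_protocols is a plain list: SSLv3 is on only if it is listed."""
    return any(a.lower() == "sslv3" for a in args)

def apache_allows_sslv3(args):
    """Apache SSLProtocol tokens apply left to right: +X adds, -X removes,
    and a bare token replaces everything set so far."""
    enabled = set()
    for tok in args:
        action = tok[0] if tok[0] in "+-" else ""
        name = tok.lstrip("+-").lower()
        protos = APACHE_ALL if name == "all" else {name}
        if action == "-":
            enabled -= protos
        elif action == "+":
            enabled |= protos
        else:
            enabled = set(protos)
    return "sslv3" in enabled

def find_sslv3(config_text):
    """Return (line_number, line) for each explicit directive enabling SSLv3.
    Server defaults (no directive present) are not evaluated here."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        directive, args = parts[0].lower(), parts[1:]
        if directive == "ssl_protocols" and nginx_allows_sslv3(args):
            findings.append((n, raw.strip()))
        elif directive == "sslprotocol" and apache_allows_sslv3(args):
            findings.append((n, raw.strip()))
    return findings

# Constructed sample: weak settings next to corrected ones.
SAMPLE = """\
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;   # weak
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;         # SSL 3.0 removed
SSLProtocol all -SSLv2                       # weak
SSLProtocol all -SSLv2 -SSLv3                # SSL 3.0 removed
"""

if __name__ == "__main__":
    for n, line in find_sslv3(SAMPLE):
        print(f"line {n}: SSLv3 still enabled: {line}")
```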
For more information on this vulnerability, which does not affect your Cobalt account, check out the official security advisory, or read this post explaining its full scope.