Home > Webmaster News > Internet News > New SSL Security Bug Prompts Google To Drop Support For SSL 3.0
Poodle SSL Exploit

New SSL Security Bug Prompts Google To Drop Support For SSL 3.0

Google has published details regarding the latest vulnerability within SSL called Poodle – this time targeting SSL 3.0. The newly found exploit allows one to steal secure cookies and other data via an SSL 3.0 connection. Granted SSL 3.0 is well over 15 years old now, and has since been superseded with the more secure  TLS 1.0, TLS 1.1 or TLS 1.2 – the technology is still used as a fallback when connection problems occur as it helps maintain backward compatibility.

Google’s response to the flaw is to scrub SSL 3.0 support from its flagship Chrome browser. Websites and other browsers are also expected to end support for SSL v3 as it’s now considered insecure by design, and instead enforce the use of TLS for HTTPS connections.

Google also recommends browsers and web servers use TLS_FALLBACK_SCSV, the Transport Layer Security Signalling Cipher Suite Value that blocks protocol downgrades.

Doing so will be more effective than simply killing off SSL 3.0 support: that’s because using this magic value should prevent all future downgrade attacks. Chrome and Google’s web servers already support TLS_FALLBACK_SCSV, we’re told.

Google’s security advisory includes advice for system admins looking to further ensure the security of their servers.

About Michael Boguslavskiy

Michael Boguslavskiy is a full-stack developer & online presence consultant based out of New York City. He's been offering freelance marketing & development services for over a decade. He currently manages Rapid Purple - and online webmaster resources center; and Media Explode - a full service marketing agency.

Check Also

When Disaster Strikes: Reviewing AWS vs Azure Disaster Recovery Solutions

Disaster recovery, in the context of IT, refers to the implementation of specific tools, policies, ...

Like every other website, this site uses cookies to analyze our traffic. Cookies may also be utilized by our advertisers and partners. By using this website you agree to the use of said cookies. More Information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings, continuing to navigate past this message, or you click "Accept" below then you are consenting to the use of cookies on the Rapid Purple website.