Skip to content, sitemap or skip to search.

FSF 30th anniversary logo
Personal tools
Join now
You are here: Home Blogs Sysadmin SSL, POODLE, and you

SSL, POODLE, and you

by Lisa Maginnis Contributions Published on Oct 16, 2014 03:09 PM
A new vulnerability, known as "Padding Oracle On Downloaded Legacy Encryption" (POODLE), has been discovered in the SSL protocol.

The flaw, which only affects the SSL 3.0 protocol, makes traffic vulnerable to man-in-the-middle attacks. We have dropped support for SSL 3.0 on fsf.org and gnu.org until a fix is released.

SSL 3.0 is nearly two decades old so most users will not be impacted by this change as we will continue to support modern encryption protocols. Older Web browsers without support for TLS 1.0 or later may have trouble connecting to our websites using a secure http connection (https).

A summary of CVE-2014-3566 can be found on the National Vulnerability Database.

The OpenSSL project has also produced a technical report (PDF) on the vulnerability.

Document Actions

The FSF is a charity with a worldwide mission to advance software freedom — learn about our history and work.

fsf.org is powered by:

 

Send your feedback on our translations and new translations of pages to campaigns@fsf.org.