Recently Google security researchers discovered a flaw in the Secure Sockets Layer (SSL) 3.0 cryptography protocol (SSLv3) that, given the right conditions, can be used to intercept encrypted data. Attempts to exploit this flaw are called POODLE (“Padding Oracle On Downgraded Legacy Encryption”) attacks.

POODLE attacks take advantage of two vulnerabilities: (1) the ability to force a browser to downgrade to the least-secure (SSLv3) option, and (2) a defect in cipher-block chaining (CBC) mode in SSLv3.

Please note: Secure Sockets Layer certificates (SSL) are not affected by this vulnerability. There is no need to reissue, revoke or replace your digital certificates.

What you can do.

The best defense against POODLE for all websites is to disable SSLv3. For a detailed description of how to do this, visit https://zmap.io/sslv3/browsers.html.

About the POODLE vulnerability