Posts

POODLE returns

The POODLE has returned, with a vengeance! This time it’s affecting vendors such as F5, even though SSLv3 is disabled. This means that TLSv1.0, TLSv1.1 and TLSv1.2 can be affected if the SSL termination is being done on a vulnerable server. Those with F5 are advised to update to the latest version as soon as possible, and you can check on SSLLabs if your site is affected by this (in which case it will automatically be graded F-).

More information:
https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html
http://blog.ivanristic.com/2014/12/poodle-bites-tls.html
https://www.imperialviolet.org/2014/12/08/poodleagain.html