POODLE Vulnerability – We’ve disabled SSLv3 support on our web hosting servers

On October 14th 2014 Google released details on the POODLE attack, a padding oracle attack that targets CBC-mode ciphers in the 15 year old SSLv3 security protocol. The vulnerability allows an active “man-in-the-middle” attacker to decrypt content exchanged via an SSLv3 connection. While secure connections primarily use TLS (the successor to SSL), most users were vulnerable because web browsers and servers will downgrade to SSLv3 if there are problems negotiating a TLS session.

To mitigate the vulnerability we have, with immediate effect, disabled SSLv3 on all of our servers. With all popular browsers defaulting to the more modern TLS method of securing connections, and as less than 0.75% of traffic exchanged via our hosting servers was sent via SSLv3 connections, this will have a minimal impact on visitors ability to access websites hosted by O’Brien Media.