SSL Labs has a test for the just-announced POODLE attack against some TLS implementations https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls …
Replying to @ivanristic
@ivanristic Does it try POODLE? or just test for SSLv3?
Replying to @ivanristic
@ivanristic Sorry, I'm taking some pretty dopey medication :) I meant "SSLv3-style padding". The test might produce some False +'s
Replying to @colmmacc
@ivanristic Even SSLv3 can be secured against POODLE, by ignoring the padding length byte and instead computing all 16 potential HMACs
Replying to @colmmacc
@ivanristic Seeing some endpoints doing that, would apply to this bug too; though it's just plain silly not to enforce the TLS padding
Replying to @ivanristic
@ivanristic I have a small number of endpoints doing it, for customers stuck with SSLv3-only clients. HMAC is pretty cheap compared to AES.
12:10 PM - 8 Dec 2014
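
Added example (not part of the thread and not any participant's code): the three acceptance rules discussed above, applied to a constructed decrypted CBC record, namely the SSLv3-style check, the TLS padding check, and the try-all-16-MACs variant. HMAC-SHA1 standing in for the record MAC, the key, and the sample records are all assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK = 16    # AES block size in bytes
MAC_LEN = 20  # assumption: HMAC-SHA1 stands in for the record MAC

def mac(key, content):
    return hmac.new(key, content, hashlib.sha1).digest()

def build_record(key, content):
    """Constructed decrypted record: content || MAC || padding || padding_length."""
    body = content + mac(key, content)
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)

def mac_ok(key, body):
    if len(body) < MAC_LEN:
        return False
    return hmac.compare_digest(body[-MAC_LEN:], mac(key, body[:-MAC_LEN]))

def accept_sslv3(key, pt):
    """SSLv3-style: trust the final length byte, never look at the padding bytes."""
    pad_len = pt[-1]
    if pad_len >= BLOCK or pad_len + 1 > len(pt):
        return False
    return mac_ok(key, pt[:-(pad_len + 1)])

def accept_tls(key, pt):
    """TLS: every padding byte must equal the padding length."""
    pad_len = pt[-1]
    if pad_len + 1 > len(pt) or pt[-(pad_len + 1):] != bytes([pad_len]) * (pad_len + 1):
        return False
    return mac_ok(key, pt[:-(pad_len + 1)])

def accept_all_macs(key, pt):
    """Ignore the length byte and try the MAC at all 16 possible offsets."""
    ok = False
    for pad_len in range(BLOCK):
        ok |= mac_ok(key, pt[:-(pad_len + 1)])  # no early exit on a match
    return ok

KEY = b"k" * 20                                      # constructed key
GOOD = build_record(KEY, b"hello, world")            # 12 + 20 bytes, so a full padding block
SAME_LEN = GOOD[:-BLOCK] + b"\xaa" * 15 + b"\x0f"    # garbled padding, length byte intact
OTHER_LEN = GOOD[:-BLOCK] + b"\xaa" * 15 + b"\x07"   # garbled padding and length byte

def decisions(pt):
    """(SSLv3-style, TLS, all-16-MACs) accept decisions for one record."""
    return accept_sslv3(KEY, pt), accept_tls(KEY, pt), accept_all_macs(KEY, pt)
```

`decisions(SAME_LEN)` and `decisions(OTHER_LEN)` differ only in the SSLv3-style result: that rule's outcome depends on the final byte of a block it never validates, while the TLS rule rejects both records and the all-16-MACs rule accepts both.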