Do you still have SSL3 enabled? Check server and browser for POODLE vulnerability

    The POODLE vulnerability has been known for quite some time. Its description was found on Habré , however, the problem is still relevant, and SSL 3.0 is still used on many web servers. HostTracker offers an easy way to check whether this vulnerability is on the side of your browser or any web server.




    Validation of the browser occurs automatically immediately after choosing SSLv3 as the verification method. To check the server, you must enter the site address and click "check". As a result, an attempt will be made to connect via SSL 3.0 and the result will be returned - failed or failed to connect, respectively, we will know if this protocol is enabled on the server being checked.



    It should be emphasized that the availability of support for later versions of the secure protocol is not a panacea for this vulnerability. As noted in the above article, there is always a way to force a return to the old version of the protocol. The only way out is to turn it off completely. Therefore, if verification shows that the protocol is enabled, a security hole has a place to be. In order to protect yourself, just update your browser. As of the end of 2014, this vulnerability was closed in the latest versions of all popular browsers. With servers it’s a bit more complicated. Of course, at the moment, more than 99% of all web servers use newer protocols by default. However, a sufficient number of them simultaneously support SSL 3.0 "just in case." And this is a potential threat.


    Also popular now: