
POODLE SSL 3.0 Vulnerability

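Yesterday, Google announced the discovery of an SSL 3.0 vulnerability named "POODLE". This vulnerability allows an attacker to decrypt data in transit and read the plaintext. Although many browsers support newer, more secure protocols, an attacker can create connection problems that cause the browser to fall back to the vulnerable SSL 3.0 protocol.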

Is Linode infrastructure vulnerable?

We have disabled SSL 3.0 on our web servers, NodeBalancers and other infrastructure. Swift action by our security team protected our infrastructure from this vulnerability.

Am I vulnerable?

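If your Internet-facing Linode allows encrypted connections, you will need to make sure SSL 3.0 is completely disabled. This does not mean offering a stronger protocol such as TLS first; it means SSL 3.0 should not be an option at all. You can use our guide to check whether you are vulnerable and how to disable SSL 3.0: Disabling SSLv3 for POODLE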

Comments (8)

  1.

    Thank you guys for this rapid response.
    I think you should give a handy simple way on how to disable SSL 3.0 or deploy TLS_FALLBACK_SCSV into a server, such as how to change the ssl.conf file.

  2.

    In response to 水景一页, the Zmap people have put together a great resource:

    https://zmap.io/sslv3/

    There’s a nice cheat sheet for a few of the server-side packages:

    https://zmap.io/sslv3/servers.html

  3.

    The post has been updated with our guide on how to check for and then disable SSL 3.0.

  4.

    Hi,

    This guy is kind enough to provide a backported dovecot 2.0.9 which has SSLv3 disabled: https://fh.kuehnel.org/doevcot-ssl3/.

  5.

    Will there be any option in the near future to support SSL3 with TLS_FALLBACK_SCSV?

    IE6 may be dwindling, but it’s still out there in some markets.

  6.

    Thank you so much for the helpful tips.

  7.

    TLS_FALLBACK_SCSV on web server end is only part of the solution as it only works if client web browser end supports TLS_FALLBACK_SCSV https://community.centminmod.com/threads/poodle-attacks-on-sslv3-vulnerability.1651/page-3#post-8351 . So until all web browsers update to support such, SSLv3 should be disabled on server end.

  8.

    Thank you so much @George
