On Tuesday, October 14, 2014, Google released details on the POODLE attack, a padding oracle attack that targets CBC-mode ciphers in SSLv3. The vulnerability allows an active MITM attacker to decrypt content transferred over an SSLv3 connection. While secure connections primarily use TLS (the successor to SSL), most users were vulnerable because web browsers and servers will downgrade to SSLv3 if there are problems negotiating a TLS session.
— poodle.io
POODLE: SSLv3 vulnerability (CVE-2014-3566)
Red Hat Product Security has been made aware of a vulnerability in the SSL 3.0 protocol, which has been assigned CVE-2014-3566. All implementations of SSL 3.0 are affected.
— https://access.redhat.com/articles/1232123
Fix Apache
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:\
ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:\
RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
Don’t forget to test your configuration at SSL Labs.
— https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
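To check a configuration file before deploying it, the following added example (not from the original page or from Apache) evaluates each SSLProtocol directive left to right and reports those that still leave SSLv3 enabled. It assumes a 2014-era mod_ssl build in which "all" includes SSLv3 and in which a bare protocol name replaces whatever was set before it; the function names are hypothetical.

```python
import re

# Assumption: a 2014-era mod_ssl build, where "all" still includes SSLv3.
ALL_PROTOCOLS = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

# The directives from this page, including the backslash line continuations.
PAGE_CONFIG = r"""SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:\
ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:\
RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
"""

def logical_lines(text):
    """Join backslash-continued lines, then drop blank and comment lines."""
    joined = re.sub(r"\\\r?\n", "", text)
    return [l.strip() for l in joined.splitlines()
            if l.strip() and not l.strip().startswith("#")]

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right: '+x' adds, '-x' removes,
    and a bare name replaces everything set before it (this example's model)."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token[len(action):].lower()
        chosen = set(ALL_PROTOCOLS) if name == "all" else {name}
        if not chosen <= ALL_PROTOCOLS:
            raise ValueError(f"unknown protocol in SSLProtocol: {token!r}")
        if action == "-":
            enabled -= chosen
        elif action == "+":
            enabled |= chosen
        else:
            enabled = chosen
    return enabled

def audit(config_text):
    """Return the SSLProtocol lines that leave SSLv3 enabled."""
    findings, seen = [], False
    for line in logical_lines(config_text):
        name, *rest = line.split(None, 1)
        if name.lower() == "sslprotocol":
            seen = True
            if "sslv3" in effective_protocols(rest[0] if rest else ""):
                findings.append(line)
    if not seen:  # assumption: the build default is "all", so SSLv3 stays on
        findings.append("<no SSLProtocol directive>")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONFIG))                 # the page's configuration
    print(audit("SSLProtocol all -SSLv2\n"))  # constructed weak configuration
```

Order matters under this model: a constructed line such as "SSLProtocol -SSLv3 all" is reported, because the bare "all" at the end re-enables every protocol.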
Fix your browser, e.g. Firefox
You can set the value security.tls.version.min = 1 in the about:config dialog.
— https://poodle.io/browsers.html