Add new comment

SSL v3 - fault safety and end of life

This week a security flaw was discovered in the design of SSL v3. This would allow an attacker to decrypt encrypted with this method connections. For more information, see the note following CVE CVE-2014-3566 or OpenSSL report.

Since when does it exist?

SSL v3 is a 18 year old technology and the fault is so deep that its designers not will correct it. SSL v3 is now an obsolete and non-secure solution.

How to check if I am impacted?

To check if you are affected, you can consult the following article:

How to fix the?

To correct this flaw, we recommend that you disable SSL v3 support in your applications. The latter is already strongly replaced by the use of TLS. The impact of its deactivation may be very low. Everything depends on your configurations

We invite you to consult the following a few KB for more information about the patch to correct the problem:

If you have a shared benefit or complete outsourcing know that our teams have already been required.