
Why is POODLE mitigated?

Question asked by Idan B on Oct 20, 2014
Latest reply on Nov 7, 2014 by msmsms

We are checking some of our domains for POODLE vulnerability.

We have several servers that support SSL 3, use CBC cipher suites and don't support the TLS_FALLBACK_SCSV flag.

Now on some servers the SSL Report says "This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C"

However, on others we are getting "This server uses SSL 3, with POODLE mitigated. Still, it's recommended that this protocol is disabled"

Considering the fact that all servers support SSL 3.0, CBC cipher suites and don't support TLS_FALLBACK_SCSV, how come we're getting different results?

Are there other factors at play here?

Thanks,
