wiki:Poodle

Background

On October 14th 2014, Google released a SSLv3 vulnerability called 'Poodle': http://googleonlinesecurity.blogspot.nl/2014/10/this-poodle-bites-exploiting-ssl-30.html

The vulnerability allows an attacker to obtain the plaintext of connections secures with SSLv3.

For a more in-depth discussion check: https://www.imperialviolet.org/2014/10/14/poodle.html

Is OpenVPN affected?

No. OpenVPN 2.x never supported SSLv3 or SSLv3 fallback. OpenVPN has always been strictly TLS 1.0 or TLS 1.0+.

Last modified 3 years ago Last modified on 10/15/14 08:04:29