wiki:Poodle

Version 1 (modified by Steffan Karger, 9 years ago) (diff)

--

Background

On October 14th 2014, Google released a SSLv3 vulnerability called 'Poodle': http://googleonlinesecurity.blogspot.nl/2014/10/this-poodle-bites-exploiting-ssl-30.html

The vulnerability allows an attacker to obtain the plaintext of connections secures with SSLv3.

Is OpenVPN affected?

No. OpenVPN only supports TLSv1.0 and newer, and is thus not vulnerable to Poodle.