The Poodle just killed SSL

After Heartbleed we now have Poodle as a viable attack on secured SSL/TLS communication. The vulnerability, as I understand it, allows an attacker to trick client and server in re-negotiating the encryption protocol to use. The goal is to get the connection downgraded from a TLS 1.x to a SSL 3.0 connection. As a side note, I dearly hope you don't have a server running that still offers SSL v2 - turn it off together with SSL v3, will you? The reason why server and client are still speaking SSL v3 is often compatibility, but to have reasonably secured communication we need to start using modern protocols and algorithm and abandon old stuff even if it causes some inconvenience. Let's be honest, do you want to connect to a bank website that still allows Windows XP IE6 clients? I don't want to and I hope you don't buy into the FUD that some people put out.

So without further ado, use this site to test your browser for Poodle vulnerability.

Mozilla has announced to disable SSL v3 in Firefox 34 by default and Apple has released a Mac security update.