Stack Overflow
Stack Overflow

Questions tagged [poodle-attack]

The POODLE (short for "Padding Oracle On Downgraded Legacy Encryption") attack is a man-in-the-middle exploit which takes advantage of web browsers' fallback to SSL 3.0.

The POODLE (short for "Padding Oracle On Downgraded Legacy Encryption") attack is a man-in-the-middle exploit which takes advantage of web s' fallback to 3.0 which was disclosed on September 2014.

Its CVE ID is CVE-2014-3566.

74 questions
3
votes
1 answer

How to overcome the git error `Unknown SSL protocol error in connection`

I'm trying to git clone some repository, but then I get the error: $ git clone --recursive https://some-url.git Cloning into 'project'... fatal: unable to access 'https://https://some-url.git/': Unknown SSL protocol error in connection…
Bush
  • 2,433
  • 5
  • 34
  • 57
3
votes
0 answers

Facebook login not working - Graph User is always null and Failure in SSL Library

I have an application that has already been launched to the play store, Facebook login works fine, but the client has requested for changes. Changes have been made, now we are testing the application but Facebook login has stopped working. No…
user2172398
  • 161
  • 1
  • 8
2
votes
0 answers

Forcing a .NET 4.0 website to use TLS 1.1 or 1.2 from C#

I have a website which communicates with an API which shuts down connections that use anything below TLS 1.1 due to various security vulnerabilities such as POODLE. The website is compiled using .NET Framework 4.0 (not TLS 1.1 or higher compatible)…
tech-dev
  • 139
  • 7
2
votes
0 answers

iOS RestKit disable sslv3 client-side

I have disabled the sslv3 on the server side but I want to make sure if I can do something from the client side (iOS app). I'm using this library in my project: https://github.com/RestKit/RestKit I run some tests for the server like www.ssllabs.com…
Emrah Mehmedov
  • 1,492
  • 13
  • 28
2
votes
0 answers

How to disable SSL v3 for sun os 5.6 (OAS 4.0.8), I am facing POODLE vulnerability issue?

My Website is hosted on Sun OS 5.06 (OAS 4.0.8) and using web server : Oracle_Web_Listener/4.0.8. Website is configured to use https for secure pages and it was working fine from last 10 years but suddenly i am getting complaints from my customers…
Aamir khan
  • 21
  • 2
2
votes
0 answers

SSL_HANDSHAKE Error Domino TLS Outgoing

We have 5 customers running the same WebService from Domino This weekend we updated the customers servers with Domino 9.01. FP2 and the Poodle fixpack to be able to run TLS 1.0 incomming and outgoing. 4 Customers works perfect 1 Customer gets SSL…
Stefan K
  • 57
  • 1
  • 4
2
votes
1 answer

WCF service and POODLE attacks

In my application I am using WCF services that use NetTcpBindings and are configured for both message and transport security (protection level set to EncryptAndSign). The services are hosted as Windows Services in the system. As far as I understand…
mandjeo
  • 81
  • 1
  • 7
2
votes
1 answer

WinRT (Windows Store Apps) enforcing to use Tls12 instead of SSLv3

As SSLv3 has been found to be vulnerable to the POODLE attack. I am using Windows.Web.Http.HttpClient class to communicate with server and wanted to disable security protocol SSLv3 from client request. Here how can I use Tls12 instead of SSLv3 in…
Ankit
  • 55
  • 7
2
votes
1 answer

How to disable SSLv3 in Apache on Windows installed by Xampp

I'm attempting to disable SSLv3 in Apache which I've installed on Windows via xampp. But I'm having trouble figuring out how. I was told that I needed to add SSLProtocol All -SSLv2 -SSLv3 To my ssl config file but I'm not sure where that is. I see…
Matt
  • 896
  • 5
  • 18
  • 47
2
votes
2 answers

Detecting SSL3 in Browser using Javascript

Working on the latest SSL3 vulnerability (POODLE) and wondering if you can detect if the browser viewing the website has SSL3 enabled in their settings and if so prompt them with a message.
jeffrey_powers
  • 63
  • 1
  • 11
2
votes
1 answer

Tomcat APR connector and POODLE

I have a couple of production servers running Tomcat 7.0 with an APR+SSL connector and because of the recent POODLE attack I was asked to disable SSLv3 completely in some of these servers. I dig through the Tomcat Connectors documentation and…
Mike Laren
  • 8,028
  • 17
  • 51
  • 70
2
votes
1 answer

An API service I use is disabling SSL 3.0 because of the POODLE exploit. If I use HttpClient and HttpRequestMessage do I need to change my code?

Say I do typical stuff like this: HttpRequestMessage requestMessage = new HttpRequestMessage(); requestMessage.RequestUri = new Uri("https://api.site.com/"); HttpClient httpClient = new HttpClient(); httpClient.DefaultRequestHeaders.Accept.Add(new…
Dzejms
  • 3,108
  • 2
  • 30
  • 40
1
vote
1 answer

Yet another Paypal Curl / SSL v3 Handshake Error - SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

I know there are a number of people asking this question, but none of the solutions I've read to date have worked for me. A site with a Paypal IPN listener fails in the curl postback. Curl Error: error:14077410:SSL…
the.s.brom
  • 95
  • 9
1
vote
0 answers

POODLE kills tomcat

We have a web app running on Apache tomcat 7.0.56 on windows, and we are using IE to access it. Tomcat is running secured over HTTPS On one system, after running our app and closing IE, when we restart IE, we cannot fetch any pages from the tomcat…
Simon Callan
  • 3,020
  • 1
  • 23
  • 34
1
vote
1 answer

Chrome (44 version) not working with self signed certificate

I am using self signed certificate for localhost in my web application. Recently i updated apache to 2.2.29 and openssl to 1.0.1m as recommended and disabled sslv3 and v2 for security. After this everytime accessing my application(every every page…
pooja
  • 319
  • 1
  • 2
  • 21
1
2
3 4 5