Stop laughing. I know, I know, first Heartbleed, then Shellshock, and now POODLE. What can I say? I don’t name these things, okay?

Anyway, apparently POODLE stands for “Padding Oracle On Downgraded Legacy Encryption”, whatever that means. Personally, I think they came up with the cute acronym first and the words to go with it later.

Basically, it just means that hackers can exploit a security vulnerability peculiar to SSL 3.0 that allows them to get the first digit of your SSL key in only 256 SSL 3.0 requests, on average. If you use Cloudflare or OpenShift (or both), you should be fine, as they both dropped SSL 3.0 support to combat this problem.

There are, however, two side-effects that result from dropping SSL 3.0 support. The first is that if you use OpenShift, you will need to upgrade rhc and httpclient, since the connection method has been changed slightly. To do this, just run:

$ gem update rhc httpclient

The other side-effect is that some systems, mainly Windows XP and IE 6 or lower, will have connection issues. So what, right? One more reason to install another browser.
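To see what "dropped SSL 3.0 support" and "connection issues" look like on the wire, here is an added example (not code from this post or from Cloudflare/OpenShift) that reads the first handshake record a peer sent and reports whether it is a hello naming SSL 3.0 or an alert refusing the connection. The function name and the sample bytes are constructed for illustration.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}

def classify_first_record(data: bytes) -> str:
    """Describe the first SSL/TLS record a peer sent during a handshake."""
    if len(data) < 5:
        return "truncated record header"
    ctype, _record_version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) < length:
        return "truncated record body"
    if ctype == 21:  # alert record: level byte, then description byte
        if length < 2:
            return "malformed alert"
        kind = "fatal" if body[0] == 2 else "warning"
        return f"{kind} alert: {ALERTS.get(body[1], body[1])}"
    if ctype != 22 or length < 6:
        return "not a handshake record"
    msg_type = body[0]  # 1 = ClientHello, 2 = ServerHello
    if msg_type not in (1, 2):
        return "unexpected handshake message"
    # The two bytes after the 4-byte handshake header are the protocol version.
    # (TLS 1.3 also puts 0x0303 here and signals itself in an extension.)
    version = int.from_bytes(body[4:6], "big")
    name = VERSIONS.get(version, f"unknown 0x{version:04x}")
    who = "ClientHello offers at most" if msg_type == 1 else "ServerHello selected"
    return f"{who} {name}"

def _record(ctype: int, version: int, payload: bytes) -> bytes:
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

def _hello(msg_type: int, version: int) -> bytes:
    # Constructed sample: version + 32 zero bytes of "random" + empty session id.
    payload = struct.pack("!H", version) + bytes(32) + b"\x00"
    return bytes([msg_type]) + len(payload).to_bytes(3, "big") + payload

# Constructed handshake bytes, not captures from any real host.
SAMPLES = {
    "server still on SSL 3.0": _record(22, 0x0300, _hello(2, 0x0300)),
    "server refusing SSL 3.0": _record(21, 0x0300, bytes([2, 40])),
    "client limited to SSL 3.0": _record(22, 0x0300, _hello(1, 0x0300)),
    "server on TLS 1.2": _record(22, 0x0303, _hello(2, 0x0303)),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:26} -> {classify_first_record(raw)}")
```

A "ServerHello selected SSL 3.0" result is the one to act on: that endpoint has not dropped the protocol yet.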

About Mark Fischer, Jr.

Mark is a web developer and programmer. He likes reading classic novels, listening to classical music, skiing, and eating donuts.