Poodle SSL v3.0 Vulnerability

- Poodle SSL Vulnerability

You may have heard recently about a vulnerability in SSL v3.0 known as Poodle . The attack is not considered as serious as the Heartbleed and Shellshock vulnerabilities. Regardless, we have taken steps to mitigate any risk to those using Astun Data Services via a secure connection (i.e. https).

What is the Poodle vulnerability?

The Poodle vulnerability is only found in the older SSL v3.0 specification and is a ‘man in the middle’ attack that could potentially be used to view the encrypted data sent between a client (such as a web browser) and a server.

Astun Data Services

The base mapping provided by Astun Data Services can be accessed via plain unencrypted http or encrypted https. We have taken steps to ensure that ADS base map services accessed via https are not vulnerable by disabling the older SSL v2.0 and v3.0 protocols in favor of the current TLS 1.0 specification. This is the recommended action as all modern browsers support TLS 1.0.

 

Internet Explorer 6.0 running on Windows XP with a Service Pack 2 or lower is the only common browser know to be affected by this change as it requires SSL v3.0.