There is a critical vulnerability in SSL v3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.
Who will be affected?
Any secure connection (https) you make via your web browser is at risk. That means visiting banks, PayPal, online shopping sites, etc are all vulnerable.
What will happen?
The attacker could potentially decrypt and read any of your sensitive data (passwords, etc) for any secure website you are connected to via https.
Are servers and clients both affected?
Yes, however the vulnerability exists only if both the server and client accept SSL v3.0 (which is the fallback cipher suite after TLSv1/TLSv1.1/TLS1.2 due to a downgrade attack).
How to test your browser against this vulnerability?
You can visit the following website to test your browser:
How to test your website against this vulnerability?
You can visit the following website to test your website:
How to fix this?
The only correct way to fix POODLE is to disable SSL v3.0 in all your browsers. The problem is, there is not an easy way to do this right now. Each browser will be rolling out fixes soon so make sure to upgrade your browsers as soon as possible. Server admins should also disable SSL v3.0 on their servers.
If you are Firefox user, you can use the following addon to set minimum TLS version:
To disable it for other browser, you can refer the following URL: