POODLE SSL version 3.0 FAQ

In October 2014 a critical security vulnerability was found in SSL version 3.0. Our frequently asked questions explain what POODLE and SSL version 3 are and how you can make sure you’re safe when using your DomainsFoundry SSL Certificates.

What is ‘POODLE’?

POODLE (Padding Oracle On Downgraded Legacy Encryption) is a vulnerability in SSL version 3.0 allow an attacker to read any information encrypted with SSL version 3 in plain text using a man-in-the-middle attack.

What is SSL version 3.0?

SSL version 3 is an encryption protocol used to secure internet connections. In October 2014, a critical security flaw was found in SSL version 3. Named POODLE.

What version is my DomainsFoundry SSL certificate?

Your DomainsFoundry SSL Certificate is ‘version-less’. SSL version 3.0 is a way you can use your DomainsFoundry SSL certificate to secure your website or email.

I’ve been told to stop using SSL version 3.0, what do I do?

First, check your website to see if SSL version 3.0 is still being used. If it’s not then you’re ok. If SSL version 3 is still in use then you’ll need to disable it.

How can I see if I’m using SSL version 3.0 with my DomainsFoundry SSL certificate?

There are a number of 3rd party testing tools. Try POODLE Scan. Note DomainsFoundry has no affiliation with this tool.

How can I disable SSL version 3.0?

If your using shared web hosting or managed VPS then we recommend contacting your current web host and ask them to disable SSL version 3.0 on your service.

Does DomainsFoundry support SSL version 3.0?

No, we have already disabled SSL version 3.0 on all our services. All websites hosted with us are already protected.

My current provider will not disable SSL version 3.0. Can I swap to you?

Yes, please contact us and we’ll be happy to help you.

If I buy an DomainsFoundry SSL certificate, will I be vulnerable to the SSL version 3.0 flaw?

You could be vulnerable if the service you install your DomainsFoundry SSL certificate on still has SSL version 3.0 enabled.

Where can I read more about the SSL version 3.0 vulnerability?

See CVE-2014-3566

I have a question about SSL version 3.0 which is not answered above. How can I contact you?

Please contact us.