Send The POODLE To The Pound



### Bundle details and download

By now you’ve heard about POODLE (CVE-2014-3566).

If not, here’s the “tl;dr”: SSLv3 is vulnerable. Really vulnerable.

There are remediation steps. And no, “disable SSLv3” isn’t a good idea unless you know exactly how all the bits are bouncing around. A better course is to use TLS_FALLBACK_SCSV, the Transport Layer Security Signaling Cipher Suite Value. But that’s beyond the scope here.

First, however, you need to know which servers are using SSLv3.

ExtraHop does that. By default. No configuration required.

Here is a dashboard using the awesome dashboarding functionality added in 4.0 firmware. The dashboard shows you:

  • who the top servers using SSLv3 are
  • how often SSLv3 sessions are getting set up (the rate)
  • how many SSLv3 sessions are getting set up (the count)
  • how SSLv3 use compares with other cipher suites in use in your environment.