Hello friends today i am posting this tutorial on how to find if your server is vulnerable to SSLv3 Poodle vulnerability this vulnerability was found by Google Team Poodle is the name that has been given to a vulnerability which is the result of a design flaw in a 17 year old protocol – SSL version 3.0. Unfortunately, SSLv3 is still supported by a number of commonly used applications.
About PoodleBleed :-
This issue impacts both clients (such as your web browser) and server side applications (such as Apache, nginx, OpenVPN, Postfix etc.). As with any security issue, consult your vendor or project website for specific details, they will always have the latest information relevant to you. If you’re using a web hosting company, check their blog or news pages to see if they’re posted about it or get in touch with them to make sure you’re ok.
I’ve pulled together a few ways you can check if your client or server (for example your website) is vulnerable.
SSLv3 Test Using the OpenSSL Client:-
openssl s_client -connect example.com:443 -ssl3
If it connects you are most likely vulnerable, if it fails it is most likely disabled. There are already several testing sites online listed below, I’ll update the list as I find other working tools.
https://zmap.io/sslv3/ (client test)
https://www.poodletest.com/ (client test – as shown below)
https://www.ssllabs.com/ssltest/ (server test – scroll down to ‘configuration’)
0 comments:
Post a Comment