The POODLE Attack that was announced October 14, 2014 is regarding an exploit of SSL 3.0, a similar attack regarding a vulnerability against TLS will be announced.
How can you protect yourself against POODLE TLS? It has not been officially announced and the details have yet to be made public as of December 8, 2014 when this article was created, it is recommend for you to contact your vendor of your server or network appliance to obtain an update if required.
If an update is not available from your vendor it is recommended that you use TLS 1.2 and enable AES-GCM ciphers or if not available RC4.
PLEASE NOTE: Using other cipher suites such as the ones listed above may be vulnerable to other types of attacks the above recommendation is only to prevent attacks regarding POODLE TLS CVE-2014-8730.
Please see the helpful information listed below:
F5 Links:
CVE-2014-8730 Padding issue: https://devcentral.f5.com/articles/cve-2014-8730-padding-issue-8151
POODLE TLS Update: https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html
TLS Browser Support:
Firefox 32 |
Chrome 40 |
Internet Explorer |
Opera 25 |
Safari 7.1 |
TLS 1.2 |
TLS 1.2 |
TLS 1.2 |
TLS 1.2 |
TLS 1.2 |
TLS 1.1 |
TLS 1.1 |
NA |
TLS 1.1 |
NA |
TLS 1.0 |
TLS 1.0 |
TLS 1.0 |
TLS 1.0 |
TLS 1.0 |
SSL 3.0 |
SSL 3.0 |
SSL 3.0 |
SSL 3.0 |
SSL 3.0 |
Browser Support for TLS 1.2
Firefox |
Chrome |
Internet Explorer |
Opera |
Safari |
V24 - Disabled by Default |
v30 |
V8 - Disabled by default |
V10 - Disabled by default |
V7 OSX |
Mobile OS support for TLS 1.2
iOS |
Android |
Microsoft Mobile |
6+ |
4.4.2+ |
IE11/Mobile 8.1 |
Windows OS:
Windows OS Version |
SSL 2.0 |
SSL 3.0 |
TLS 1.0 |
TLS 1.1 |
TLS 1.2 |
Windows XP & Server 2003 |
X |
X |
X |
||
Windows Vista & Server 2008 |
X |
X |
X |
||
Windows 7 & Server 2008 R2 |
X |
X |
X |
X |
X |
Windows 8 & Server 2012 |
X |
X |
X |
X |
X |
If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:
Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list
here
)