Yesterday, Google published the discovery of an SSL 3.0 vulnerability named “POODLE.” This vulnerability allows an attacker to decrypt transferred data and successfully read plain text. While many browsers support newer, more secure protocols, an attacker can create connectivity issues, causing the browser to fall-back to the vulnerable SSL 3.0 protocol.
Is Linode Infrastructure Vulnerable?
We have disabled SSL 3.0 on our web servers, NodeBalancers, and the rest of our infrastructure. Quick execution from our Security Team has protected our infrastructure from this vulnerability.
Am I Vulnerable?
If your Internet-facing Linode allows for encrypted connections you will need to make sure that SSL 3.0 is completely disabled. This doesn’t mean that a stronger protocol such as TLS is offered first but rather that SSL 3.0 should not be an option at all. You can check if you’re vulnerable and how to disable SSL 3.0 using our guide: Disabling SSLv3 for POODLE.
Filed under: announcements by Linode Security Team