Ristić: On The Demise of SSL v3


                                                                   with apologies to the noble Poodle breed...

Quite likely, the authoritative post on the Poodle attack - via Ivan Ristić at SSL Labs, and Today's Must Read [a snippet follows].

"You can look at this problem from two perspectives. As a user, you want to protect yourself from attacks, and the best way to do that is to disable SSL 3 in your browser. (Instructions are easy to find online.) The updated SSL Labs Client Test will tell you if your change was successful. As a web site operator, you should disable SSL 3 on your servers as soon as possible. You need to do this even if you support the most recent TLS version because an active MITM attacker can force browsers to downgrade their connections all the way down to SSL 3, which can then be exploited. In normal operation, SSL 3 shouldn't needed by the vast majority of sites..." - Ivan Ristic