Poodle

A vulnerability was recently exposed in a protocol that secures web pages in HTTPS mode. When users on your website view pages in HTTPS mode, there are a number of underlying technologies that the web uses to encrypt data and make it secure.  A vulnerability in one of those technologies (SSL 3.0) was recently publicized by Google with a codename of “POODLE”.  This vulnerability is serious enough that it would compromise the security of your HTTPS pages.

If you have not chosen to fix this already it is almost certainly a vulnerability for your server.  In fact,  it is possible that your server may also be configured to allow the SSL 2.0 protocol, which also had a publicized vulnerability a while ago.

There is a tester you can run here: https://www.poodlescan.com/

In order to fix it on a Windows server running IIS, I recommend using the IIS Crypto utility, which is a free utility put out by NARTAC Software here.

Apply the following settings and then reboot:

crypto

%d bloggers like this: