TLS-POODLE-Vulnerability/EN/Background: Unterschied zwischen den Versionen

Aktuelle Version vom 11. Juni 2019, 12:28 Uhr

There is a variant of the POODLE attack which also attacks newer TLS versions. This is possible due to an implementation error in the TLS servers.

Version vom 14. März 2019, 23:11 Uhr (Quelltext anzeigen) Siwebot (Diskussion \| Beiträge) ← Zum vorherigen Versionsunterschied		Aktuelle Version vom 11. Juni 2019, 12:28 Uhr (Quelltext anzeigen) Siwebot (Diskussion \| Beiträge)
Zeile 1:		Zeile 1:
−	~~Concerning the encrytion, all you really need to do~~ is ~~to deactivate~~ the ~~outdated protocol version SSLv3.~~	+	There is a variant of the POODLE attack which also attacks newer TLS versions. This is possible due to an implementation error in the TLS servers.
−
−	~~The~~ POODLE attack ~~uses the protocol version negotiation function in [https://en.wikipedia.org/wiki/Transport_Layer_Security SSL/~~TLS~~] to force the use of SSLv 3~~.~~0, and then it exploits this vulnerability~~ to ~~decrypt selected content within~~ the ~~SSL session. Decryption is carried out byte by byte, and it generates a high number of connections between the client and the server~~.