SSL version 3.0 is no longer secure. The development teams of most of the top browsers have started working on disabling this protocol by default in their future releases. To avoid compromising users’ private information, we have disabled this protocol for all our websites on the travelnxt platform. This means it is now disabled for all of our client websites powered by the travelnxt hosted platform.
In late September, a team at Google discovered a serious vulnerability in SSL 3.0 that can be exploited to steal certain confidential information, such as cookies. This vulnerability is known as ‘POODLE’. By exploiting it, an attacker can gain access to things like passwords and cookies, enabling him to access a user’s private account data on a website. Google has published the full details of POODLE: https://www.openssl.org/~bodo/ssl-poodle.pdf
Any website that supports SSLv3 is vulnerable to POODLE, even if it also supports the most recent versions of TLS. In particular, these servers are subject to a downgrade attack, in which the attacker tricks the browser into connecting with SSLv3. This relies on a specific browser behavior called insecure fallback, where browsers attempt to negotiate lower versions of TLS or SSL when connections fail.
The POODLE attack can be used against any browser or website that supports SSLv3. This affects all current browsers and most websites. Although almost all websites allow SSLv3 connections in order to support old browsers, the protocol is rarely used, since very few browsers, such as Internet Explorer 6, lack support for newer versions of TLS.
Because we have disabled this protocol on travelnxt, anyone trying to access the websites in a browser that does not support the newer versions of TLS will see an SSL error when accessing secure pages.
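One way to confirm that a server refuses SSLv3, as described above (an added example, not code from the original post or from travelnxt): it sends a hand-built SSL 3.0 ClientHello, since many current TLS libraries can no longer speak SSLv3, and classifies the first record of the reply. The function names and the cipher suite list are assumptions chosen for illustration.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"  # protocol version bytes for SSL 3.0
# RSA and DHE-RSA suites usable with SSL 3.0 (AES-CBC, 3DES-CBC, RC4).
# Assumption: a server that only enables suites outside this list
# answers with an alert and is reported as "refused".
CIPHERS = [0x002F, 0x0035, 0x000A, 0x0005, 0x0004, 0x0033, 0x0039, 0x0016]

def build_sslv3_client_hello() -> bytes:
    """Return a minimal SSL 3.0 ClientHello record (no extensions)."""
    body = SSL3 + os.urandom(32)                 # client_version + random
    body += b"\x00"                              # empty session id
    body += struct.pack("!H", 2 * len(CIPHERS))  # cipher suite list length
    body += b"".join(struct.pack("!H", c) for c in CIPHERS)
    body += b"\x01\x00"                          # one compression method: null
    # Handshake header: type 1 (ClientHello) + 3-byte length
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: type 0x16 (handshake) + version + 2-byte length
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_reply(reply: bytes) -> str:
    """Classify the first record a server sends back to the SSLv3 hello."""
    if len(reply) < 5:
        return "refused"                         # connection closed or reset
    if reply[0] == 0x15:
        return "refused"                         # alert, e.g. handshake_failure
    if reply[0] == 0x16 and len(reply) >= 11 and reply[5] == 0x02:
        # ServerHello: server_version follows the 4-byte handshake header
        return "sslv3-accepted" if reply[9:11] == SSL3 else "other-version"
    return "unknown"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the SSLv3 hello to host:port and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sslv3_client_hello())
        try:
            reply = s.recv(4096)
        except ConnectionResetError:
            reply = b""                          # reset counts as a refusal
    return classify_reply(reply)

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))                    # pass a host you operate
```

A result of `sslv3-accepted` means the server still negotiates SSL 3.0; `refused` is the expected result once the protocol is disabled.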
N.B.: This post was written by Sanjay Ghare. Sanjay serves as a team lead for the SaaS team at tavisca. He has managed and migrated many online travel businesses successfully through the years to a cloud platform. You can reach Sanjay directly at email@example.com. For product demos and queries, contact firstname.lastname@example.org. Press and media contact: email@example.com