How Can I Tell if My Website is Affected by POODLE?

POODLE is the security vulnerability in SSL Version 3, used by older Internet browsers. The vulnerability was reported on October 14, 2014. If your website uses SSL, there is an easy way to check if your server is vulnerable.

Go to https://www.ssllabs.com/ssltest/index.html and type your domain name in the box. You may want to check the box “Do not show the results on the boards.” Click “Submit” and wait for your score. It will look something like the image below.

The green boxes indicate that the server is not vulnerable to the POODLE attack and that the recommended fallback is supported. You may see other notifications, like “This site works only in browsers with SNI support.” If any of the notifications are downgrading your score, you should contact your website host.

What About My Customers?

Advise them to go to https://zmap.io/sslv3 to test if their browser supports SSLv3. There are instructions on how to disable SSLv3.