Description
SSL version 3 is vulnerable to padding oracle attacks and other cryptographic weaknesses, making it insecure for use in secure communication.
Recommendation
To mitigate security risks, disable SSL 3 and upgrade to more secure protocols such as TLS 1.2 or TLS 1.3.
References
- OWASP: Transport Layer Protection Cheat Sheet
- RFC 7568: Deprecating Secure Sockets Layer Version 3.0
- CWE-16
- CWE-326
- OWASP 2021-A2
- OWASP 2021-A5
Related Issues
- BREACH attack - CVE-2013-3587
- SSL 2 enabled - Vulnerability
- CRIME (SPDY) attack - CVE-2012-4930
- CRIME (SSL/TLS) attack - CVE-2012-4929
- Tags:
- SSL/TLS
- Encryption
- Server Misconfiguration
Anything's wrong? Let us know Last updated on May 13, 2024