How we handled the newly discovered POODLE vulnerability in SSLv3
Yesterday, another attack against SSL was reported on the wider Internet. The vulnerability in the SSL protocol, called POODLE this time around (after CRIME and BEAST before it), allows an attacker to completely nullify the encryption between client browsers and a web server.
None of the eCommerce Portals hosted by Sensational AG over SSL/TLS are susceptible to the POODLE attack (or any other known attack against SSL).
We disabled SSL v3 a few years ago already, as it became apparent that the security offered by this nearly two-decade-old protocol was starting to show weaknesses.
All sites we host over SSL get a solid A+ rating on the well-known SSL testing service at SSL Labs, thanks to the forward-looking choice of encryption algorithms offered by the servers and thanks to fully supporting HSTS with a very long time-frame.