Google released SSLv3 vulnerability summary analysis report-vulnerability warning-the black bar safety net

2014-10-15T00:00:00
ID MYHACK58:62201454674
Type myhack58
Reporter 佚名
Modified 2014-10-15T00:00:00

Description

!

This morning, Google released a SSLv3 vulnerability a brief analysis of the report. According to Google's statement,the exploit runs through all of the SSLv3 version, the use of the vulnerability, the hacker can by a man in the middle attacks, etc. in a similar manner(as long as the hijacking of data encryption on both ends using SSL3. 0), You can successfully get to the transmission data(for example cookies) as well. The deadline to send the text before, there is not any patch released.

For this Google said they could only give a helpless suggestion: close the client SSLv3 support or server SSLv3 support, or both closed.

In addition, Google has already made it clear will in the next few months, gradually from its services in the revocation of off SSLv3 support.

!

FreeBuf repair recommendations(thanks to the red and yellow full): The

Nginx:the

[1] [2] next