[This post is more of a public service announcement regarding the recent SSL v3 flaw dubbed “POODLE” for the few remaining people still using Zeus Web Server out there]
You’ve probably seen the warnings about the critical design flaw in SSL v3 allowing attackers to decrypt encrypted connections, dubbed “POODLE” (Padding Oracle On Downgraded Legacy Encryption).
To cut a long story short, you need to disable SSLv3 in your web server right now. If you’re running Zeus Web Server, here’s how:
- Upgrade to Zeus Web Server 4.3r5 (the last release ever, from January 2010)
- Add the following setting to
- Restart Zeus Web Server:
Questions in the comments, please. If you don’t have a copy of Zeus Web Server 4.3r5, I can’t help you with that, I’m afraid.
Update: more useful information on disabling SSLv3 in web browsers and other web servers on StackExchange.