Next Chrome includes death knell for SSL
By
Darren Pauli, 31 Oct 2014 Well, this is interesting but I am not sure that it is once again a little too late to be of any use...still, an interesting article on a relatively current topic.
"Google will destroy vicious POODLE in a pending update to its flagship Chrome browser.Update 40 will remove SSLv3 and the hard-to-exploit cookie-stealing Padding Oracle on Downgraded Legacy Encryption (POODLE) attack. Cupertino followed Redmond in its browser POODLE put-down after a single click FixIt SSLv3 disabler was issued for Internet Explorer ahead of removal in a few months.Google security engineer Adam Langley wrote in an update that some buggy servers may stop working as a result.
"The update is that we're killing it," Langley said.
"SSLv3-fallback support allows a network attacker to force an HTTPS connection to a site to use SSLv3 [and] is only needed to support buggy HTTPS servers.""
Full Article
