Google announced today that it has discovered a "vulnerability in the design of...
Google announced today that it has discovered a “vulnerability in the design of SSL version 3.0” This allows the plaintext of secure connections to be calculated by a network attacker. Google says that disabling SSL 3.0 support is enough to mitigate the issue, but that could cause compatibility issues. Therefore, the company has announced support for TLS_FALLBACK_SCSV, which will prevent SSL 3.0 from being used when a client attempts to retry a failed connection....