POODLE
POODLE: a shortcut to understanding a big crypto flaw
POODLE stands for Padding Oracle On Downgraded Legacy Encryption. It is a security flaw found in the older SSL 3.0 protocol that can be exploited when a client and server fall back to SSL 3.0 during a connection. The vulnerability was discovered by Google researchers Bodo Möller, Thai Duong, and Krzysztof Kotowicz and was made public on October 14, 2014 (CVE-2014-3566).
How it works in simple terms
- If a system allows a downgrade from modern TLS to SSL 3.0, an attacker who can observe network traffic can trick the client into making many requests.
- By carefully repeating these requests, the attacker can gradually reveal one byte of the encrypted message at a time. On average, about 256 SSL 3.0 requests are enough to learn a single byte.
A second, TLS-related version
- On December 8, 2014, a new POODLE variant appeared that affects TLS (the successor to SSL). It exploits weaknesses in how some CBC encryption implementations handle padding, which can allow data to be exposed even without downgrading to SSL 3.0.
- This TLS variant is easier to exploit than the original SSL 3.0 version. Vendors with faulty padding checks needed their own fixes (CVE-2014-8730 is associated with a specific vendor implementation).
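The following example is added here to illustrate the two bullet points above; it is not code from the original article. It models the receiver side of a CBC record in Python: the SSL 3.0 check, which only validates the pad-length byte and so acts as a padding oracle (accepting a random substituted last block about 1 time in 256, which is where the "256 requests per byte" figure comes from), beside the strict TLS 1.0+ check that the faulty implementations behind the TLS variant were missing. The MAC key and record contents are constructed for the demo; the attacker's substituted ciphertext block is modelled as a random plaintext block.

```python
import hashlib
import hmac
import random

BLOCK = 16       # AES block size; SSL 3.0 requires pad_len < BLOCK
MAC_LEN = 20     # HMAC-SHA1 tag, as in the common SSL/TLS CBC cipher suites
MAC_KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def build_record(data: bytes) -> bytes:
    """Plaintext of one CBC record: data || MAC || padding || pad_len byte.
    When data+MAC fills whole blocks the padding is a full block, the shape POODLE needs."""
    body = data + hmac.new(MAC_KEY, data, hashlib.sha1).digest()
    pad_len = (BLOCK - 1 - len(body)) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)

def _mac_ok(body: bytes) -> bool:
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(hmac.new(MAC_KEY, data, hashlib.sha1).digest(), tag)

def accept_ssl3(rec: bytes) -> bool:
    """SSL 3.0 receiver: only the pad-length byte is validated; the padding
    bytes themselves are never inspected. That is the padding oracle."""
    pad_len = rec[-1]
    if pad_len >= BLOCK or len(rec) < pad_len + 1 + MAC_LEN:
        return False
    return _mac_ok(rec[:-(pad_len + 1)])

def accept_tls(rec: bytes) -> bool:
    """TLS 1.0+ receiver: every padding byte must equal pad_len. Implementations
    that skipped this check were hit by the December 2014 TLS variant."""
    pad_len = rec[-1]
    if len(rec) < pad_len + 1 + MAC_LEN:
        return False
    if rec[-(pad_len + 1):] != bytes([pad_len]) * (pad_len + 1):
        return False
    return _mac_ok(rec[:-(pad_len + 1)])

def count_accepted(check, trials: int, seed: int = 1) -> int:
    """Overwrite the all-padding last block of a valid record with `trials` random
    blocks (a substituted ciphertext block after decryption) and count acceptances."""
    rng = random.Random(seed)
    rec = build_record(b"session=ab12")  # 12 + 20 bytes = two full blocks
    return sum(check(rec[:-BLOCK] + bytes(rng.randrange(256) for _ in range(BLOCK)))
               for _ in range(trials))

if __name__ == "__main__":
    print("SSL 3.0 accepts", count_accepted(accept_ssl3, 4096), "of 4096 (about 1 in 256)")
    print("TLS    accepts", count_accepted(accept_tls, 4096), "of 4096")
```

With the SSL 3.0 check, a record whose padding bytes are garbage but whose last byte is the right length still passes, while the strict TLS check rejects it; that accept/reject difference is the single bit the attack observes per request.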
What was done to fix it
- The primary defense is to disable SSL 3.0 on both clients and servers. Most modern systems also adopt TLS_FALLBACK_SCSV, a mechanism that prevents the downgrade to SSL 3.0.
- Another mitigation is “anti-POODLE record splitting,” which breaks up data into smaller parts so a single attacker-controlled piece can’t be exploited. This can cause compatibility issues for some servers.
- Browsers and platforms rolled out fixes in late 2014 and early 2015:
  - Chrome, Firefox, and Microsoft browsers disabled SSL 3.0 by default or removed support entirely.
  - Safari and iOS/macOS received mitigations, and newer OS versions reduced the risk.
  - Some services and sites (for example CloudFlare and Wikimedia) dropped SSL 3.0 support.
  - OpenSSL, NSS, and LibreSSL added or strengthened TLS_FALLBACK_SCSV support.
Impact and current status
- Before the TLS variant was public, around 10% of servers were vulnerable to POODLE against TLS.
- Since these fixes, the risk has dropped dramatically as most clients and servers no longer support SSL 3.0. The focus has shifted to ensuring TLS implementations properly validate padding and support modern downgrade protections.
In short, POODLE showed why using the latest encryption and avoiding old fallbacks is crucial for secure communications.
This page was last edited on 3 February 2026, at 09:23 (CET).