The revelation of the POODLE vulnerability demonstrated that SSL 3.0 should be disabled and removed from any products that still contain it. Companies taking this step include Twitter, Apple, EBay, Mozilla Firefox, Google, and PayPal.
When will others make the change to TLS 1.2?
Should they be allowed to continue to offer a flawed technology?
We think the answer is “NO” and they should immediately migrate to TLS 1.2.
Forcing use of TLS 1.2 is not enough, TLS must be properly implemented in the web browser and the server. InterWorking Labs offers a TLS 1.2 Test Suite to identify bugs, problems, and flaws in TLS implementations.
Want to know more about SSL/TLS?