[Cryptography] POODLE vs short key
rsalz at akamai.com
Wed Dec 24 12:06:42 EST 2014
> What do you think is worst having enabled, POODLE or TLS with 56 bit keys?
Install the SCSV fallback. Modern clients (say those written shortly after the start of this century) will do TLS, older ones can use SSL, and you can avoid having the modern ones tricked into acting like older ones. The server-side code is pretty easy to do, and is bundled into OpenSSL since the time of disclosure.
Note that this will catch many false-positives because of network hiccups and browsers not always being able to tell when it's the network and when it's the server denying them.
More information about the cryptography