Cisco ASA POODLE Mitigation

Google has discovered a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker. You can read more about it here:

Cisco has an Advisory out:

You can also read the Cisco Event Response: POODLE Vulnerability:

To mitigate the POODLE vulnerability on a Cisco ASA, add these commands to the device configuration:

TPA-ASA#conf t
TPA-ASA(config)#ssl server-version tlsv1-only
TPA-ASA(config)#ssl client-version tlsv1-only
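
One way to confirm that both commands above are present in a saved running-config, as an added example (not from the original post or from Cisco). It assumes the ASA falls back to `any` when no explicit line is present, which still permits SSLv3, so a missing line is reported as a failure; the function names and sample configs are hypothetical.

```python
import re

# The only value the mitigation above uses; anything else is flagged.
REQUIRED = "tlsv1-only"
# Assumption: with no explicit line, the ASA uses "any", which still allows SSLv3.
ASSUMED_DEFAULT = "any"
SSL_LINE = re.compile(r"^\s*ssl\s+(server|client)-version\s+(\S+)\s*$", re.I)


def audit_ssl_versions(running_config: str) -> dict:
    """Return {'server': (value, ok), 'client': (value, ok)} for a saved config."""
    found = {"server": None, "client": None}
    for line in running_config.splitlines():
        m = SSL_LINE.match(line)
        if m:
            # Keep the last occurrence if the line appears more than once.
            found[m.group(1).lower()] = m.group(2).lower()
    report = {}
    for role, value in found.items():
        # A missing line is not safe: evaluate the assumed default instead.
        effective = value if value is not None else ASSUMED_DEFAULT
        report[role] = (effective, effective == REQUIRED)
    return report


def is_mitigated(running_config: str) -> bool:
    """True only when both server and client sides are pinned to tlsv1-only."""
    return all(ok for _, ok in audit_ssl_versions(running_config).values())


# Constructed sample configs (not taken from a real device).
BEFORE = """\
hostname TPA-ASA
interface GigabitEthernet0/0
 nameif outside
http server enable
"""
AFTER = BEFORE + "ssl server-version tlsv1-only\nssl client-version tlsv1-only\n"
PARTIAL = BEFORE + "ssl server-version tlsv1-only\n"

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER), ("partial", PARTIAL)):
        print(name, audit_ssl_versions(cfg), "mitigated:", is_mitigated(cfg))
```

Searching a config for the string `sslv3` would pass the "before" sample, because the permissive setting appears as an absent line rather than an explicit one.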

A great site to test for the POODLE vulnerability is Qualys SSL Labs. It runs a comprehensive SSL scan on the URL you want to scan.

As you can see below, I ran a scan before and after entering the commands.

Before adding commands:

After adding commands:

