SSLv3 POODLE mitigation recommendations
In our previous post, we discussed POODLE and legacy SSLv3 clients. The best solution to POODLE is to disable SSLv3. However, SSLv3 often can’t be disabled because legacy clients only speak SSLv3....
Published Oct 24, 2014
Version 1.0
Jeff_Costlow_10
Historic F5 Account
Joined January 26, 2005
Ian_124377
Nov 12, 2014
Nimbostratus
I had one proposed solution. What about modifying client SSL profiles and changing the 'Cache Size' to a smaller value? This would require SSL renegotiation every X requests. So, wouldn't that provide a better alternative to removing ciphers? This is just a thought. I would be interested in hearing others' opinions on this.