FWIW, while disallowing downgrading of the connection from TLS to SSLv3 technically defeats the exploit in question, opera-developer still supports SSLv3 which is just a half measure. SSLv3 was deprecated over a decade ago. Opera should drop support.
Latest posts made by originalgbee
-
RE: Any thoughts about the poodle SSL 3 bug?Suggestions and feature requests
-
RE: Any thoughts about the poodle SSL 3 bug?Suggestions and feature requests
It fails the poodle test, Chromium and Firefox do not when configured not to use SSLv3.
-
RE: Any thoughts about the poodle SSL 3 bug?Suggestions and feature requests
It appears that the --ssl-version-min argument is missing from opera-developer, so they must have removed it. So opera-developer is vulnerable and there is no way to fix that.