Wed Oct 15, 2014 7:48 pm
I hadn't heard of it, but now that I've seen it, I'm almost wondering how it hasn't been found sooner (like, as soon as SSL 3.0 became an easy-to-decrypt protocol). I mean, OBVIOUSLY, if you have control over the network between client and server, you can drop some of the connections. I never knew SSL/TLS tries to make several connections at the handshake. I thought it's one connection with packets back & forth (which would be more secure, but then again, I can also see how legacy applications might be broken with that approach, and thus how clients ended up doing the "downgrade dance").
OK, onto MikroTik...
@normis
When you say MikroTik is not affected, it's not affected because...
1) You have SSL 3.0 (and older) disabled or
2) You use an OpenSSL version with TLS_FALLBACK_SCSV support, and have that enabled
?