"This seems like a good moment to reiterate that everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken."<p>So this means AES-GCM essentially?
Link didn't work for me, here is the Google Cache text version:<p><a href="http://webcache.googleusercontent.com/search?q=cache:f01MHrX8LTAJ:https://www.imperialviolet.org/2014/12/08/poodleagain.html&strip=1" rel="nofollow">http://webcache.googleusercontent.com/search?q=cache:f01MHrX...</a>
We look forward to TLS 1.2 support being the norm. (And then, hopefully, the ratification and adoption of TLS 1.3)<p>A 50% adoption rate is excellent news. Still a long way to go, but that's worth toasting over.
POODLE worked not only against SSLv3, but also against any TLS implementations that check padding in SSLv3's style (e.g., just checking the last byte, and ignoring the rest of the padding). SSL accelerators from F5 and A10 were vulnerable. Thus, many of the world's largest sites were vulnerable.