On Tuesday, October 14, 2014, Google released details on the POODLE attack , a padding oracle attack that targets CBC ciphers in SSLv3. The attack is similar, but more practical than the BEAST attack. Adam Langley has published details of the attack . Websites that supports SSLv3 and CBC-mode ciphers are potentially vulnerable to an active MITM attack. We have been performing scans of the Alexa Top 1 Million Domains and the full public IPv4 address space to measure (1) the highest TLS version each site supports and (2) whether sites support SSLv3 at all. As of October 12, 2014, nearly all (96.9%) of the Top 1 Million websites supported SSLv3, and a small number (0.12%) did not support any version of TLS. We have also posted our raw data for the Alexa Top 1 Million scans. Highest TLS Version Sites Percentage HTTP Only 392,956 (41.2% of All Alexa) SSLv3 1,186 (0.12% of Alexa, ...