TLS Security
- Last Updated: January 24, 2024
- OpenEdge
- Version 12.2
- Documentation
The TLS security in OpenEdge includes:
- Support for the SSLv3, TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3 protocols, which also secures applications against the Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability. For a list of all supported ciphers for each protocol, see Supported protocols, ciphers, and certificates for Progress OpenEdge clients and servers.
- Default support for digital certificate validation.
- TLS 1.3 and TLS 1.2 as default protocols, because Java 8 does not support TLS 1.3.
POODLE is a vulnerability that can affect secure communications that use Secure Sockets Layer (SSL) 3.0 or TLS 1.0. However, newer releases of secure communication protocols, including Transport Layer Security (TLS) 1.1 and TLS 1.2, are increasingly less susceptible. An OpenEdge application is vulnerable to a POODLE attack if it establishes secure communications over SSL 3.0.
OpenEdge now communicates over TLS 1.2/1.3 by default, which makes it safe against this vulnerability. However, you can change the defaults if you are using an OpenEdge client prior to 11.6 to work with an 11.6 OpenEdge server. To achieve this, you must downgrade the 11.6 OpenEdge servers to use TLS 1.0 and AES128-SHA and change the default server certificate from SHA256 to SHA1.
POODLE allows an attacker to decrypt ciphertext using a padding oracle side-channel attack. Applications that use cipher-block chaining (CBC) with the SSL 3.0 communication protocol are vulnerable to POODLE attacks. The SSL 3.0 protocol does not adequately check the padding bytes that are sent with encrypted messages, so an attacker can replace these padding bytes and exploit this weakness to decrypt and extract information from inside an encrypted transaction.
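The padding check described above is the core of the problem. The following added illustration (not OpenEdge code, and no cipher involved) models the plaintext-side padding check of SSL 3.0 next to the stricter TLS 1.0+ check, using a constructed 8-byte-block record, to show why a record whose padding bytes were altered is accepted by SSL 3.0 but rejected by TLS.

```python
# Added illustration, not OpenEdge code: CBC padding checks of SSL 3.0 vs TLS 1.0+.
# Only the post-decryption padding check is modelled; the cipher is left out.

BLOCK_SIZE = 8  # constructed sample uses 8-byte blocks; the check is cipher-agnostic


def add_padding(plaintext: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Pad to a block boundary as TLS 1.0+ does: n filler bytes of value n-1,
    followed by a length byte n-1.  SSL 3.0 uses the same layout but lets the
    filler bytes hold any value."""
    n = block_size - (len(plaintext) % block_size)  # 1..block_size bytes added
    return plaintext + bytes([n - 1]) * n


def strip_padding_ssl3(record: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """SSL 3.0 rule: read the length byte, require it to be smaller than the
    block size, and drop that many filler bytes WITHOUT inspecting them."""
    if not record or len(record) % block_size:
        raise ValueError("record is not block-aligned")
    pad_len = record[-1]
    if pad_len >= block_size:
        raise ValueError("padding length exceeds one block")
    return record[: len(record) - pad_len - 1]


def strip_padding_tls(record: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """TLS 1.0+ rule: every filler byte must equal the length byte, so a
    record whose padding was altered is rejected rather than accepted."""
    if not record or len(record) % block_size:
        raise ValueError("record is not block-aligned")
    pad_len = record[-1]
    if pad_len + 1 > len(record):
        raise ValueError("padding length exceeds record")
    padding = record[len(record) - pad_len - 1 :]
    if any(b != pad_len for b in padding):
        raise ValueError("padding bytes do not match length byte")
    return record[: len(record) - pad_len - 1]


def padding_checks(record: bytes) -> tuple:
    """Return (accepted_by_ssl3, accepted_by_tls) for one decrypted record."""
    results = []
    for check in (strip_padding_ssl3, strip_padding_tls):
        try:
            check(record)
            results.append(True)
        except ValueError:
            results.append(False)
    return tuple(results)


if __name__ == "__main__":
    record = add_padding(b"GET /")  # constructed sample: b"GET /\x02\x02\x02"
    tampered = record[:-3] + b"\x99" + record[-2:]  # alter one filler byte only
    print(padding_checks(record))    # (True, True)
    print(padding_checks(tampered))  # (True, False): SSL 3.0 cannot tell
```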