Symantec Management Platform (Notification Server)

 View Only

  • 1.  Altiris 7.5 and POODLE

    Posted Oct 20, 2014 12:34 PM

    Hello all,

     

    I'm a little surprised that I haven't seen anything on the wire about this yet....

     

     

    Altiris 7.5 with SSL enabled and CEM....

     

    What are the recommended courses of action by Symantec for Altiris in regards to the severe vulnerability which effects their product?

     

    Cheers :)

     

    PSG



  • 2.  RE: Altiris 7.5 and POODLE

    Posted Oct 21, 2014 08:30 AM

    Hi PSG, 

    The POODLE vulnerability is affecting only SSLv3, as far as it goes for CEM and the communication with the Internet Gateway it is using the TLSv1 protocol. 

    You can also find more information about the vulnerability here :

    http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed?linkId=10092310

    Hope that helps.

    Best regards



  • 3.  RE: Altiris 7.5 and POODLE

    Posted Oct 23, 2014 02:12 PM

    Tema,

     

    Thank you for the reply.  How about internal HTTPS communication?  All internal communication and CEM communication is happening over 443.

     

    Thanks



  • 4.  RE: Altiris 7.5 and POODLE
    Best Answer

    Posted Oct 27, 2014 05:57 AM

    Powershell_Guru,

     

    Agent - server HTTPS communications also uses TLSv1 only, starting with the upcoming 7.6 version you will be able to configure which TLS version to use - 1.0, 1.1 or 1.2.