Data Center Security Server Poodle SSL 3.0 vulnerability (CVE-2014-3566)

  • 1.  Data Center Security Server Poodle SSL 3.0 vulnerability (CVE-2014-3566)

    Posted Mar 24, 2015 12:48 AM

    Hi,

    We found the POODLE SSL 3.0 vulnerability (CVE-2014-3566) on DCS (Data Center Security Server).

    I followed the following article, but the vulnerability is still appearing.

    http://www.symantec.com/business/support/index?page=content&id=TECH226504&actp=search&viewlocale=en_US&searchid=1427169411961

    There is a difference between the article and our DCS server.xml file.

    Article TECH226504 contains the following line:

    clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"

    ciphers="%comma_separated_list_of_ciphers%"/>

    Our Server.xml contains the following line:

    clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA"/>

     

    Do we have to make it the same after ciphers=** in order to fix the vulnerability?
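
An added example, not part of the original post or of the referenced article: a small Python check that reads the HTTPS connectors from a Tomcat-style server.xml and reports whether SSLv3 is listed in sslEnabledProtocols and which configured suites are CBC-mode (the suites POODLE affects when SSL 3.0 can be negotiated). The sample file, the port numbers, the SSLEnabled/scheme attributes and the function names are constructed for illustration; only the four attributes quoted above come from the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal server.xml wrapping the attributes quoted in
# the post. Ports and the second connector are made up for illustration.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
               ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"/>
  </Service>
</Server>
"""

def split_list(value):
    """Split a comma-separated attribute value, tolerating spaces and None."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def audit_connectors(xml_text):
    """Return one finding per HTTPS connector found in the server.xml text."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        is_ssl = conn.get("SSLEnabled", "false").lower() == "true"
        if not is_ssl and conn.get("scheme") != "https":
            continue  # plain HTTP/AJP connector, not relevant here
        protocols = split_list(conn.get("sslEnabledProtocols"))
        if not protocols:
            status = "unset"          # defaults of the JVM/Tomcat version apply
        elif any(p.lower() == "sslv3" for p in protocols):
            status = "sslv3-listed"   # SSL 3.0 explicitly allowed
        else:
            status = "tls-only"       # only the listed TLS versions are allowed
        ciphers = split_list(conn.get("ciphers"))
        findings.append({
            "port": conn.get("port"),
            "protocol_status": status,
            "protocols": protocols,
            # CBC suites matter for POODLE only if SSL 3.0 can be negotiated
            "cbc_ciphers": [c for c in ciphers if "_CBC_" in c],
        })
    return findings

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

A "tls-only" result describes the file only; the running service has to be restarted and rescanned on each listening port to confirm that the setting took effect.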