skip to Main Content

Poodle: SSLv3-Vulnerability

There is a new SSL vulnerability reported in mass media, dubbed “Poodle”. Poodle does not include a “patch” because it is a protocol deficiency, not an implementation bug. The good news is though that SSLv3 is very old and the only browser that still requires this is IE6 on Windows XP, both are absolutely out of date.

However, it seems that when SSLv3 is activated on a web server, an attacker might force client and server to use it and then subsequently decrypt the connection. We have made sure our stratodesk.com webservers do not accept SSLv3.

Ubuntu 12.04 and Ubuntu 14.04 support SSLv3 so we have added code to our 1.0-75 stratodeskva software package to explicitely override the Ubuntu defaults and disable SSLv3. If you use Stratodesk Virtual Appliance and are concerned about Poodle, please update to 1.0-75 or later.

If you are interested in how to secure any other (non-Stratodesk) Apache, check the links below – basically all you need to do is to add “SSLProtocol All -SSLv2 -SSLv3” into your SSL configuration.

References:

Poodle: SSLv3-Vulnerability

There is a new SSL vulnerability reported in mass media, dubbed “Poodle”. Poodle does not include a “patch” because it is a protocol deficiency, not an implementation bug. The good news is though that SSLv3 is very old and the only browser that still requires this is IE6 on Windows XP, both are absolutely out of date.

However, it seems that when SSLv3 is activated on a web server, an attacker might force client and server to use it and then subsequently decrypt the connection. We have made sure our stratodesk.com webservers do not accept SSLv3.

Ubuntu 12.04 and Ubuntu 14.04 support SSLv3 so we have added code to our 1.0-75 stratodeskva software package to explicitely override the Ubuntu defaults and disable SSLv3. If you use Stratodesk Virtual Appliance and are concerned about Poodle, please update to 1.0-75 or later.

If you are interested in how to secure any other (non-Stratodesk) Apache, check the links below – basically all you need to do is to add “SSLProtocol All -SSLv2 -SSLv3” into your SSL configuration.

References:

Stratodesk and deviceTRUST Announce Their Collaboration Delivering the Most Secure Endpoint Environment

deviceTRUST and NoTouch OS ease the path for customers on their zero-trust security journey San…

Read more
Stratodesk and deviceTRUST Better Together

Authored by: Adam Cook and Sven Jansen Stratodesk and deviceTRUST have partnered together to bring…

Read more
Stratodesk Provides Real Value for the Channels – An Interview with Paul Austin, Stratodesk’s New VP of Global Channels

Stratodesk is delighted to welcome Paul Austin to Stratodesk as the new VP of Global…

Read more

Subscribe to our newsletter:

Back To Top