skip to Main Content

Poodle: SSLv3-Vulnerability

There is a new SSL vulnerability reported in mass media, dubbed “Poodle”. Poodle does not include a “patch” because it is a protocol deficiency, not an implementation bug. The good news is though that SSLv3 is very old and the only browser that still requires this is IE6 on Windows XP, both are absolutely out of date.

However, it seems that when SSLv3 is activated on a web server, an attacker might force client and server to use it and then subsequently decrypt the connection. We have made sure our stratodesk.com webservers do not accept SSLv3.

Ubuntu 12.04 and Ubuntu 14.04 support SSLv3 so we have added code to our 1.0-75 stratodeskva software package to explicitely override the Ubuntu defaults and disable SSLv3. If you use Stratodesk Virtual Appliance and are concerned about Poodle, please update to 1.0-75 or later.

If you are interested in how to secure any other (non-Stratodesk) Apache, check the links below – basically all you need to do is to add “SSLProtocol All -SSLv2 -SSLv3” into your SSL configuration.

References:

Poodle: SSLv3-Vulnerability

There is a new SSL vulnerability reported in mass media, dubbed “Poodle”. Poodle does not include a “patch” because it is a protocol deficiency, not an implementation bug. The good news is though that SSLv3 is very old and the only browser that still requires this is IE6 on Windows XP, both are absolutely out of date.

However, it seems that when SSLv3 is activated on a web server, an attacker might force client and server to use it and then subsequently decrypt the connection. We have made sure our stratodesk.com webservers do not accept SSLv3.

Ubuntu 12.04 and Ubuntu 14.04 support SSLv3 so we have added code to our 1.0-75 stratodeskva software package to explicitely override the Ubuntu defaults and disable SSLv3. If you use Stratodesk Virtual Appliance and are concerned about Poodle, please update to 1.0-75 or later.

If you are interested in how to secure any other (non-Stratodesk) Apache, check the links below – basically all you need to do is to add “SSLProtocol All -SSLv2 -SSLv3” into your SSL configuration.

References:

Stratodesk Offers Scalable, Unified, and Simplified Endpoint Management – ActualTechMedia

The focus of this Spotlight Series discussion between Stratodesk CEO Emanuel Pirker and ActualTech Media…

Read more
Stratodesk and Citrix LTSR – Bringing Predictability to VDI Endpoints

Stratodesk has received certification for Citrix Ready™  verification for Citrix Virtual Apps and Desktops™ 2203…

Read more
Introducing Stratodesk NoTouch 3.4. & Stratodesk NoTouch Center 4.5.

It’s been a couple of months since Stratodesk NoTouch OS 3.3.727 was released, and this…

Read more

Sign up for your NoTouch OS Free Trial

Free Trial grants you 30 day access to Stratodesk software.









Specific questions or comments:
I agree to the privacy policy
Subscribe to Stratodesk Newsletter

Subscribe to our newsletter:

Back To Top
X