This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New SSL vulnerability "Poodle" and the Userportal

Hi all,

I just found out about poodle and tested my UTM for it: It sure is vulnerable... and of course the Userportal is exposed. The Webadmin is not available form outside though.

As long as there is no fix from Sophos is it advisable to just disable SSLv3 in the httpd.conf under /var/sec/chroot-httpd/etc/httpd ?, i.e. make the "SSLProtocol all -SSLv2" to a "SSLProtocol all -SSLv2 -SSLv3" like on any other Apache Webserver?

All the best,

maybeageek

Poodle: Google Finds Vulnerability In SSL 3.0 Web Encryption - Slashdot
Test if a server is vulnerable: openssl s_client -connect IPofAPACHE:443 -ssl3

This thread was automatically locked due to age.

Parents

0 jdobiash over 10 years ago

Not being a Unix person, I'd like some specific instructions on how to disable SSL3 on my UTM425. It appears that all of the web servers i'm protecting through it show SSL3 enabled, even if I disable it on the actual web server. I'm assuming it's becuase the UTM is opening a new SSL connection between the client and itself independent of the one that is opened between the server and the UTM.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 jdobiash over 10 years ago

Not being a Unix person, I'd like some specific instructions on how to disable SSL3 on my UTM425. It appears that all of the web servers i'm protecting through it show SSL3 enabled, even if I disable it on the actual web server. I'm assuming it's becuase the UTM is opening a new SSL connection between the client and itself independent of the one that is opened between the server and the UTM.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data