This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New SSL vulnerability "Poodle" and the Userportal

Hi all,

I just found out about poodle and tested my UTM for it: It sure is vulnerable... and of course the Userportal is exposed. The Webadmin is not available form outside though.

As long as there is no fix from Sophos is it advisable to just disable SSLv3 in the httpd.conf under /var/sec/chroot-httpd/etc/httpd ?, i.e. make the "SSLProtocol all -SSLv2" to a "SSLProtocol all -SSLv2 -SSLv3" like on any other Apache Webserver?

All the best,

maybeageek

Poodle: Google Finds Vulnerability In SSL 3.0 Web Encryption - Slashdot
Test if a server is vulnerable: openssl s_client -connect IPofAPACHE:443 -ssl3

This thread was automatically locked due to age.

Parents

0 skm over 10 years ago

I mean how dangerous is this configuration for UTM.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 skm over 10 years ago

I mean how dangerous is this configuration for UTM.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 twister5800 over 10 years ago in reply to skm

I mean how dangerous is this configuration for UTM.

Don't know really....other thing is, is this supported on the WAF and will it stop functioning correctly?!? - Lot of testing to do [:)]

-----

Best regards
Martin

Sophos XGS 2100 @ Home | Sophos v20 Technician
Cancel
Vote Up 0 Vote Down

Cancel