
New SSL vulnerability "Poodle" and the Userportal

Hi all,

I just found out about poodle and tested my UTM for it: It sure is vulnerable... and of course the Userportal is exposed. The Webadmin is not available from outside though.

As long as there is no fix from Sophos, is it advisable to just disable SSLv3 in the httpd.conf under /var/sec/chroot-httpd/etc/httpd, i.e. change the "SSLProtocol all -SSLv2" to "SSLProtocol all -SSLv2 -SSLv3" like on any other Apache webserver?

All the best,

maybeageek

Poodle: Google Finds Vulnerability In SSL 3.0 Web Encryption - Slashdot
Test if a server is vulnerable: openssl s_client -connect IPofAPACHE:443 -ssl3
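The openssl one-liner above only works where the local OpenSSL build still ships SSLv3 support, which current builds do not. The following is an added example (not from this thread or from Sophos) that performs the same perimeter check without relying on OpenSSL: it sends a bare SSLv3 ClientHello to the Userportal port and classifies the first record the server returns. Host, port and the offered cipher suites are assumptions.

```python
import socket
import struct

# Record and handshake constants from the SSL 3.0 layout (RFC 6101).
SSL3_VERSION = 0x0300
CONTENT_ALERT = 21
CONTENT_HANDSHAKE = 22
HS_CLIENT_HELLO = 1
HS_SERVER_HELLO = 2

# A handful of SSLv3-era suites to offer (assumption: enough for the server
# to pick one if it still negotiates SSLv3 at all).
SSL3_SUITES = [0x002F, 0x0035, 0x000A, 0x0005, 0x0004]


def build_sslv3_client_hello(client_random=b"\x00" * 32):
    """Build a minimal SSLv3 ClientHello record (no extensions, no session id)."""
    suites = b"".join(struct.pack("!H", s) for s in SSL3_SUITES)
    body = (struct.pack("!H", SSL3_VERSION) + client_random
            + b"\x00"                                    # session id length 0
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                               # one compression method: null
    handshake = bytes([HS_CLIENT_HELLO]) + struct.pack("!I", len(body))[1:] + body
    return struct.pack("!BHH", CONTENT_HANDSHAKE, SSL3_VERSION, len(handshake)) + handshake


def classify_response(data):
    """Classify the first record a server sent back to an SSLv3 ClientHello."""
    if len(data) < 5:
        return "no_response"
    ctype, _version, length = struct.unpack("!BHH", data[:5])
    payload = data[5:5 + length]
    if ctype == CONTENT_HANDSHAKE and len(payload) >= 6 and payload[0] == HS_SERVER_HELLO:
        # ServerHello: 4-byte handshake header, then the negotiated version.
        server_version = struct.unpack("!H", payload[4:6])[0]
        return "sslv3_accepted" if server_version == SSL3_VERSION else "other_version"
    if ctype == CONTENT_ALERT:
        return "alert"          # typically protocol_version / handshake_failure: SSLv3 refused
    return "unexpected"


def check_sslv3(host, port=443, timeout=5.0):
    """Return 'sslv3_accepted' if the server still completes an SSLv3 ServerHello."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            data = sock.recv(4096)
        except socket.timeout:
            return "no_response"
    return classify_response(data)
```

A result of "sslv3_accepted" means the SSLProtocol change has not taken effect on that listener (or a different listener, such as the proxy, is answering); "alert" or "no_response" is what a correctly hardened port returns.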


  • Today I came across a site giving a CC command on how to disable SSLv3 in the UTM's proxy. It appears that the proxy still accepts SSLv3 traffic even with the latest patches applied (9.209-8).
    

    Right now I have a GPO that kills SSLv3 for IE, Google Chrome has disabled it by default, but firefox will also need to disable it and maybe more browsers will need to be individually adjusted.

    A better way would be if the proxy just didn't allow SSLv3, and this should be possible according to this PDF (on a site unknown to me):

    http://blog.shabakeh.net/wp-content/uploads/2014/10/POODLE-Sophos.pdf

    Before I just start putting those commands in the shell, I would like to know if anyone else can say that this is indeed safe, or knows of any other way to just hold SSLv3 traffic at the perimeter instead of at every individual browser.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • It appears that the proxy still accepts SSLv3 traffic even with the latest patches applied (9.209-8).


    Hi, have you reported this to your reseller and/or Sophos?

    Barry
  • Hi, have you reported this to your reseller and/or Sophos?

    Barry


    No I didn't. I will make a call with my reseller and see what happens. Thanks for the tip!
