Ticket #797 (closed maintenance: fixed)
POODLE: SSLv3.0 vulnerability (CVE-2014-3566)
Reported by: | chris | Owned by: | chris |
---|---|---|---|
Priority: | major | Milestone: | Maintenance |
Component: | Live server | Keywords: | |
Cc: | ed, annesley, paul, sam | Estimated Number of Hours: | 0.0 |
Add Hours to Ticket: | 0 | Billable?: | yes |
Total Hours: | 0.25 |
Description
Check which services are available with SSLv3.0, see:
- https://access.redhat.com/articles/1232123
- https://www.openssl.org/~bodo/ssl-poodle.pdf
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3566
and disable SSLv3.0 where it is being offered.
Change History
comment:2 Changed 2 years ago by chris
This will be fixed for PuffinServer by ticket:798
comment:3 Changed 2 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Status changed from new to closed
- Resolution set to fixed
- Total Hours changed from 0.0 to 0.25
PenguinServer and ParrotServer were vulnerable:
- https://www.ssllabs.com/ssltest/analyze.html?d=parrot.transitionnetwork.org&hideResults=on
- https://www.ssllabs.com/ssltest/analyze.html?d=penguin.transitionnetwork.org&hideResults=on
On PenguinServer, find the files to edit:
    cd /etc/nginx/
    grep -rli sslv3 .
    ./sites-available/stats
    ./sites-available/tech
    ./sites-available/static
    ./sites-available/default
    ./sites-available/intransitionmovie
    ./sites-available/penguin
    ./sites-available/ttarchive
    ./sites-available/wiki.bak
    ./sites-available/patterns
    ./sites-available/wiki
Edit in vim:
:1,$s/ssl_protocols SSLv3 /ssl_protocols /gc
Restart Nginx.
On ParrotServer, edit /etc/apache2/mods-available/ssl.conf:
    #SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
    SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
Restart Apache.
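A follow-up check for the two edits above, as an added example that is not part of the original ticket: it reports only active (uncommented) nginx `ssl_protocols` and Apache `SSLProtocol` directives that still enable SSLv3, which a plain `grep -rli sslv3` cannot distinguish from commented-out lines. The function names and sample files are hypothetical and the sample directives are constructed; treating Apache's `all` as including SSLv3 is a conservative assumption.

```shell
#!/bin/sh
# Added example (not from the ticket): list active directives that still enable SSLv3.

# scan_sslv3 FILE... : print "file:line: directive" for each uncommented offending line.
scan_sslv3() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)                   # drop comments (e.g. the old SSLProtocol line)
        n = split(tolower(line), tok, /[ \t;]+/)
        i = (tok[1] == "") ? 2 : 1             # leading whitespace gives an empty first field
        on = 0
        if (tok[i] == "ssl_protocols") {       # nginx: plain list of protocol names
            for (j = i + 1; j <= n; j++) if (tok[j] == "sslv3") on = 1
        } else if (tok[i] == "sslprotocol") {  # Apache: +/- tokens, applied left to right
            for (j = i + 1; j <= n; j++) {
                t = tok[j]
                # Assumption: "all" is treated as including SSLv3 (conservative).
                if (t == "all" || t == "+all" || t == "sslv3" || t == "+sslv3") on = 1
                else if (t == "-all" || t == "-sslv3") on = 0
            }
        }
        if (on) printf "%s:%d: %s\n", FILENAME, FNR, $0
    }' "$@"
}

# write_samples DIR : constructed sample configs, one directive per file.
write_samples() {
    mkdir -p "$1"
    printf '%s\n' 'ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;' > "$1/nginx-before.conf"
    printf '%s\n' 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' > "$1/nginx-after.conf"
    printf '%s\n' '#SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2' \
        'SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2' > "$1/apache-after.conf"
    printf '%s\n' 'SSLProtocol all -SSLv2' > "$1/apache-all.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
scan_sslv3 "$demo_dir"/*.conf    # flags nginx-before.conf and apache-all.conf only
rm -rf "$demo_dir"
```

On the servers in this ticket it would be pointed at the files grep listed under /etc/nginx/ and at /etc/apache2/mods-available/ssl.conf; no output means no active directive enables SSLv3.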
A couple more links: