Ticket #797 (closed maintenance: fixed)

Opened 2 years ago

Last modified 2 years ago

POODLE: SSLv3.0 vulnerability (CVE-2014-3566)

Reported by: chris Owned by: chris
Priority: major Milestone: Maintenance
Component: Live server Keywords:
Cc: ed, annesley, paul, sam Estimated Number of Hours: 0.0
Add Hours to Ticket: 0 Billable?: yes
Total Hours: 0.25


Check which serives are available with SSLv3.0, see:

and disable SSLv3.0 where it is being offered.

Change History

comment:2 Changed 2 years ago by chris

This will be fixed for PuffinServer by ticket:798

comment:3 Changed 2 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Status changed from new to closed
  • Resolution set to fixed
  • Total Hours changed from 0.0 to 0.25

PenguinServer and ParrotServer were vulnerable:

On PenguinServer, find the files to edit:

cd /etc/nginx/
grep -rli sslv3 .

Edit in vim:

:1,$s/ssl_protocols SSLv3 /ssl_protocols /gc

Restart Nginx.

ParrotServer edit /etc/apache2/mods-available/ssl.conf

#SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2

Restart Apache.

Note: See TracTickets for help on using tickets.