
SSLv3 Poodle vulnerability

Greg McCarthy
Level 1

Does anyone have any more info on the SSLv3 Poodle vulnerability, in that are any of the Cisco switches, in particular the ACE load balancer (if they do SSL offloading), vulnerable to this?

http://www.wired.com/2014/10/poodle-explained/

If so, is there a way to disable SSLv3?

Accepted Solutions

dciccaro
Cisco Employee

Please take a look at

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

The list of products (both vulnerable and not vulnerable) will be updated as the assessment is complete.

Please keep monitoring the published security advisory for updates.

 


Do you have a tool like the Redhat SSLv3 (POODLE) Detector?

For the benefit of those that may not have access to the tool you're asking about - here's a public link that doesn't require credentials:

https://access.redhat.com/articles/1232123

No, Cisco has no plans to make any kind of tool available to test clients or servers (either Cisco products or third party products) for this vulnerability.

Thanks for the link - will monitor to see when Cisco update the affected products.

johansens
Level 4

To disable SSLv3, do something like this:

parameter-map type ssl PARAMMAP_SSL
  cipher RSA_WITH_3DES_EDE_CBC_SHA
  cipher RSA_WITH_AES_128_CBC_SHA priority 2
  cipher RSA_WITH_AES_256_CBC_SHA priority 3
  version TLS1

ssl-proxy service SSL_PSERVICE_SERVER
  ssl advanced-options PARAMMAP_SSL

(Omitted all the other important, but not to this exact solution, stuff in the ssl-proxy config)
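
An added example, not part of the post above and not a Cisco tool: a small Python audit that reads ACE-style configuration text and lists every ssl-proxy service that is not tied to a parameter map with `version TLS1`. It assumes that a service with no parameter map, or a map with no `version` line, still permits SSLv3; the sample config and the names PARAMMAP_LEGACY, SSL_PSERVICE_LEGACY, SSL_PSERVICE_BARE and EXAMPLE_KEY.pem are constructed.

```python
import re

# Constructed sample config: one map pinned to TLS1 (as in the post), one left on defaults.
SAMPLE_CONFIG = """\
parameter-map type ssl PARAMMAP_SSL
  cipher RSA_WITH_AES_128_CBC_SHA priority 2
  version TLS1
parameter-map type ssl PARAMMAP_LEGACY
  cipher RSA_WITH_3DES_EDE_CBC_SHA
ssl-proxy service SSL_PSERVICE_SERVER
  ssl advanced-options PARAMMAP_SSL
ssl-proxy service SSL_PSERVICE_LEGACY
  ssl advanced-options PARAMMAP_LEGACY
ssl-proxy service SSL_PSERVICE_BARE
  key EXAMPLE_KEY.pem
"""

def parse_blocks(config, header):
    """Return {name: [tokenised sub-commands]} for blocks opened by `header NAME`."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line[0].isspace():   # blank line or indented sub-command
            if current is not None and line.strip():
                blocks[current].append(line.split())
            continue
        m = re.fullmatch(re.escape(header) + r"\s+(\S+)", line.strip())
        current = m.group(1) if m else None          # other top-level lines close the block
        if m:
            blocks[current] = []
    return blocks

def audit_sslv3(config):
    """Return {service: reason} for ssl-proxy services that may still negotiate SSLv3."""
    maps = parse_blocks(config, "parameter-map type ssl")
    findings = {}
    for svc, cmds in parse_blocks(config, "ssl-proxy service").items():
        ref = next((c[2] for c in cmds
                    if c[:2] == ["ssl", "advanced-options"] and len(c) > 2), None)
        if ref is None:
            findings[svc] = "no ssl advanced-options parameter map attached"
        elif ref not in maps:
            findings[svc] = f"parameter map {ref} is not defined"
        else:
            # Assumption: a map with no version line permits all versions, SSLv3 included.
            ver = next((c[1] for c in maps[ref] if c[0] == "version" and len(c) > 1), "all")
            if ver.upper() != "TLS1":
                findings[svc] = f"parameter map {ref} allows version {ver}"
    return findings
```

Call `audit_sslv3()` on the text of a saved running-config; an empty result means every ssl-proxy service found is pinned to TLS1.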
