SSLv3 Poodle vulnerability

Answered Question
Oct 15th, 2014

Does anyone have any more info on the SSLv3 Poodle vulnerability, specifically whether any of the Cisco switches, in particular the ACE load balancer (if they do SSL offloading), are vulnerable to this?

http://www.wired.com/2014/10/poodle-explained/

If so, is there a way to disable SSLv3?

Correct Answer by dciccaro about 2 years 5 months ago

Please take a look at

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

The list of products (both vulnerable and not vulnerable) will be updated as the assessment is complete.

Please keep monitoring the published security advisory for updates.

johansens Thu, 10/16/2014 - 07:24

To disable SSLv3, do something like this:

parameter-map type ssl PARAMMAP_SSL
  cipher RSA_WITH_3DES_EDE_CBC_SHA
  cipher RSA_WITH_AES_128_CBC_SHA priority 2
  cipher RSA_WITH_AES_256_CBC_SHA priority 3
  version TLS1

ssl-proxy service SSL_PSERVICE_SERVER
  ssl advanced-options PARAMMAP_SSL

(Omitted all the other important, but not to this exact solution, stuff in the ssl-proxy config)
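
One way to check an exported ACE configuration for ssl-proxy services that are not restricted to TLS1 in the way the post above shows. This is an added example, not part of the original thread and not a Cisco tool; the sample config is constructed, `PARAMMAP_LEGACY` and the two extra service names are hypothetical, and it assumes a parameter map with no `version` line still accepts SSLv3.

```python
import re

# Constructed sample: SSL_PSERVICE_SERVER follows the post above, the rest is hypothetical.
SAMPLE_CONFIG = """\
parameter-map type ssl PARAMMAP_SSL
  cipher RSA_WITH_AES_128_CBC_SHA priority 2
  cipher RSA_WITH_AES_256_CBC_SHA priority 3
  version TLS1
parameter-map type ssl PARAMMAP_LEGACY
  cipher RSA_WITH_AES_128_CBC_SHA
ssl-proxy service SSL_PSERVICE_SERVER
  ssl advanced-options PARAMMAP_SSL
ssl-proxy service SSL_PSERVICE_LEGACY
  ssl advanced-options PARAMMAP_LEGACY
ssl-proxy service SSL_PSERVICE_BARE
"""

HEADER = re.compile(r"^(parameter-map type ssl|ssl-proxy service)\s+(\S+)")

def audit_sslv3(config):
    """Return {service: reason} for ssl-proxy services not pinned to TLS1."""
    versions, services = {}, {}  # pmap -> version value; service -> attached pmap
    kind = name = None           # block currently being read
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():  # an unindented line opens a new block
            m = HEADER.match(line)
            kind, name = m.groups() if m else (None, None)
            if kind:
                (versions if kind.startswith("parameter") else services)[name] = None
        elif kind == "ssl-proxy service" and words[:2] == ["ssl", "advanced-options"]:
            services[name] = words[-1]
        elif kind and kind.startswith("parameter") and words[0] == "version":
            versions[name] = words[-1]
    findings = {}
    for svc, pmap in services.items():
        if pmap is None:
            findings[svc] = "no ssl advanced-options parameter-map attached"
        elif pmap not in versions:
            findings[svc] = f"parameter-map {pmap} is not defined"
        elif (versions[pmap] or "").upper() != "TLS1":
            findings[svc] = f"parameter-map {pmap}: version {versions[pmap] or 'not set'}"
    return findings

if __name__ == "__main__":
    for svc, why in audit_sslv3(SAMPLE_CONFIG).items():
        print(f"{svc}: {why}")
```

A service that appears in the output either has no SSL parameter map attached or uses one that does not set `version TLS1`.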

gmccarthy1 Wed, 10/15/2014 - 23:07

Thanks for the link - will monitor to see when Cisco update the affected products.

dciccaro Wed, 10/15/2014 - 13:30
Cisco Employee

For the benefit of those that may not have access to the tool you're asking about - here's a public link that doesn't require credentials:

https://access.redhat.com/articles/1232123

No, Cisco has no plans to make any kind of tool available to test clients or servers (either Cisco products or third party products) for this vulnerability.
