Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

SSLv3 POODLE on v7.1 IPS

CSCur29000 states "No release planned to fix this bug."  I understand that this is covered with version 7.3(2), which I have running on one of my 5512-X firewalls.  But what about the SSM-10's that only run the 7.1 series?  7.1(9) was just released which finally fixes the OpenSSL heartbleed issue from June.  It doesn't appear to fix this issue.  When can we expect to get this fixed on a currently supported product?

 

Thanks,

Mike

 

Everyone's tags (1)
2 REPLIES
Community Member

TAC provided a fix for this. 

TAC provided a fix for this.  Use the method described here:

https://tools.cisco.com/bugsearch/bug/CSCsk85023/

 

Remove this line:

TLS_RSA_WITH_3DES_EDE_CBC_SHA=1

 

Problem solved.  Hopefully this will help someone else who needs to know this.

 

Community Member

Tried this one on of my 4260

Tried this on one of my 4260's and are most recent vulnerability scan is still picking up the IPS as vulnerable to POODLE.

Given that the IPS is technically supported until 2018, I'm having a hard time convincing the business that they need to upgrade it just yet.

Was there anything else you needed to do other than what was documented in the link?

546
Views
0
Helpful
2
Replies
CreatePlease to create content