Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SSLv3 Poodle vulnerability

Does anyone have any more info on the SSLv3 Poodle vulnerability in that are any of the Cisco switches, in particular the ACE load balancer (If they do SSL offloading) vulnerable to this?

http://www.wired.com/2014/10/poodle-explained/

If so, if there a way to disable SSLv3?

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Please take a look athttp:/

Please take a look at

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

The list of products (both vulnerable and not vulnerable) will be updated as the assessment is complete.

Please keep monitoring the published security advisory for updates.

 

5 REPLIES
Cisco Employee

Please take a look athttp:/

Please take a look at

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

The list of products (both vulnerable and not vulnerable) will be updated as the assessment is complete.

Please keep monitoring the published security advisory for updates.

 

New Member

Do you have a tool like the

Do you have a tool like the Redhat SSLv3 (POODLE) Detector?

Cisco Employee

For the benefit of those that

For the benefit of those that may not have access to the tool you're asking about - here's a public link that doesn't require credentials:

https://access.redhat.com/articles/1232123

No, Cisco has no plans to make any kind of tool available to test clients or servers (either Cisco products or third party products) for this vulnerability.

New Member

Thanks for the link - will

Thanks for the link - will monitor to see when Cisco update the effected products. 

Silver

To disable SSLv3, do

To disable SSLv3, do something like this:

parameter-map type ssl PARAMMAP_SSL
  cipher RSA_WITH_3DES_EDE_CBC_SHA
  cipher RSA_WITH_AES_128_CBC_SHA priority 2
  cipher RSA_WITH_AES_256_CBC_SHA priority 3
  version TLS1

ssl-proxy service SSL_PSERVICE_SERVER
  ssl advanced-options PARAMMAP_SSL

(Omitted all the other important, but not to this exact solution, stuff in the ssl-proxy config)

15194
Views
5
Helpful
5
Replies