[openssl-dev] Openssl Poodle Vulnerability Clarification
Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco)
kannanar at cisco.com
Thu Jun 11 21:43:24 UTC 2015
Hi All,
To resolve openSSL POODLE vulnerability we need to disable the SSLv3. In our application we have using openSSL through Apache. We have disabled using the below lines.
SSLProtocol all -SSLv2 -SSLv3
We are using 443 as SSL port. The command openssl s_client -connect <IPAddress>:443 -ssl3 shows the handshake failure message for 443 port. But for the ports 3333 and 4444 is connecting using SSLv3. The scanner as well report the high severity risk for those ports. In our application we are using those ports for syslog related tasks. If we change the port some other, then the scanner shows the new port in the list.
How to disable the SSLv3 connection for those ports as well since may customers are waiting for the fix. Your suggestion is much appreciated.
Thanks,
Kannan Narayanasamy.
More information about the openssl-dev
mailing list