SSL POODLE Fix?

SAV SSL POODLE

1 reply to this topic

#1 David Goldsmith

  • Members
  • 2 posts

Posted 20 October 2014 - 10:02 AM

We are running firmware 6.1.2.003. Looking through the web interface, I see how to enable or disable SSL support for SMTP and for the secure administration web page, but I don't see a way to manipulate the list of acceptable SSL ciphers and protocols to ensure that SSLv2 and SSLv3 are not accepted.

Is there a way via the web interface or via connecting to the appliance console to manipulate the valid SSL ciphers and protocols?

Thanks,

Dave



#2 Jaybone

  • Members
  • 109 posts

Posted 20 October 2014 - 10:11 AM

I think the only answer at this point is, "upgrade to latest FW."

Version 6.1.5.003

Web Interface
  • Fix: SSLv3 has been disabled in the Web interface to mitigate CVE-2014-3566 (SSL POODLE). [BNSF-22788]
Mail Processing
  • Enhancement: New setting on ADVANCED > Email Protocol page to allow or disallow SSLv2 and SSLv3 for incoming SMTP connections. Setting to Yes provides for greater compatibility with older mail servers. Set to No to mitigate the recently reported SSL POODLE [CVE-2014-3566] issue. [BNSF-22788]
  • Fix: Resolved an issue in the encryption module that affected transmission of outbound messages over a TLS connection to some types of mail servers. [BNSF-22782]

That said, we're having a weird issue with it, but nothing game-breaking. In our outbound quarantine, we can't open attachments directly, but have to download the entire message, open the .eml file, and open the attachment from there. Apparently, this is NOT normal (or intended, obviously :), from what Support has said, so I'd assume you won't experience this.
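To confirm from the outside that SSLv3 is really refused after the firmware upgrade or the SMTP setting change discussed above, here is an added example (not part of either post and not vendor code). It offers only SSLv3 in a hand-built ClientHello, because current TLS libraries usually cannot speak SSLv3 any more, and classifies the server's first reply. The four-suite list and the `probe.example` EHLO name are assumptions made for illustration; a server that allows SSLv3 but none of these suites would also show as rejected.

```python
import os
import socket
import struct

# Offered suites (IANA ids): AES128-SHA, AES256-SHA, 3DES-SHA, RC4-SHA
SUITES = (0x002F, 0x0035, 0x000A, 0x0005)

def sslv3_client_hello():
    """Build a minimal ClientHello that offers SSLv3 (version 3.0) only."""
    suites = b"".join(struct.pack("!H", s) for s in SUITES)
    body = (b"\x03\x00" + os.urandom(32) + b"\x00"  # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                           # null compression only
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake

def classify_reply(data):
    """Interpret the first bytes the server sends back after the hello."""
    if len(data) < 5 or data[0] == 0x15:
        return "rejected"                            # closed, or TLS alert record
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x02:
        # ServerHello: chosen version follows the 4-byte handshake header
        return "sslv3-accepted" if data[9:11] == b"\x03\x00" else "other-version"
    return "unknown"

def smtp_reply(sock):
    """Read one complete SMTP reply (final line has a space after the code)."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        buf += chunk
        if not chunk or (buf.endswith(b"\n") and buf.splitlines()[-1][3:4] == b" "):
            return buf

def probe(host, port, smtp_starttls=False, timeout=5.0):
    """Offer SSLv3 to host:port and classify the answer; timeouts propagate."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if smtp_starttls:
            smtp_reply(s)                            # 220 greeting
            s.sendall(b"EHLO probe.example\r\n")     # constructed client name
            smtp_reply(s)
            s.sendall(b"STARTTLS\r\n")
            if not smtp_reply(s).startswith(b"220"):
                return "unknown"                     # STARTTLS not offered
        s.sendall(sslv3_client_hello())
        try:
            return classify_reply(s.recv(4096))
        except ConnectionResetError:
            return "rejected"
```

Run `probe(host, 443)` against the administration page and `probe(host, 25, smtp_starttls=True)` against inbound SMTP on an appliance you administer; "rejected" on both is the result the 6.1.5.003 notes describe with the SMTP setting at No.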