Questions tagged [poodle]
37 questions
2
votes
2 answers
How to disable SSLv3 on esxi5.5
I tried to disable SSLv3 and enable TLSv1.2 on my ESXi server by changing the following options in /etc/vmware/rhttpproxy/config.xml by adding TLSv1.2,
and restarted the hostd and rhttpproxy services.
But it is making the vSphere client to…

shashi
- 51
- 2
- 5
2
votes
1 answer
Cannot disable SSL in courier-imap
I cannot disable SSLv2\v3 in courier-imap.
In the imapd-ssl config I have the following:
TLS_CIPHER_LIST="ALL:!SSLv2:!SSLv3:!ADH:!NULL:!EXPORT:!DES:!LOW:@STRENGTH"
According to openssl, SSL is disabled by this entry
[root@a10-52-79-181 ~]# openssl…

Starl1ght
- 123
- 4
2
votes
1 answer
IIS Site breaks after disabling SSLv3
I am trying to disable SSLv3 on a 2008 R2 web server that runs IIS 7.5 but as soon as I disable SSLv3 and reboot, the website is no longer reachable. I ran a packet capture with SSLv3 still enabled and my client is establishing a TLS 1.2 connection…

n0mad
- 21
- 2
2
votes
0 answers
Apache: After disabling SSLv3 for POODLE, can't connect with openssl or java without first specifying -tls1
Recently we updated our mod_ssl config to disable SSLv3 for the POODLE attack, and that seems to be working. However, old clients (java 1.6 apps of ours, openssl 0.9.8za on my mac) get a handshake error, unless we specify TLSv1 in the code/command…

Steve R.
- 134
- 1
- 7
2
votes
2 answers
POODLE Ciphers !SSLv3 = Protocol or cipher suite mismatch
According to: ANNOUNCE: Pound - reverse proxy and load balancer - v2.7d / Robert Segall, the following enhancement was added:
- added "Disable PROTO" directives (fix for Poodle vulnerability)
My system:
[root@6svprx01 ~]# uname -a
Linux…

alexus
- 13,112
- 32
- 117
- 174
2
votes
1 answer
Can you force Windows to disallow SSL in all WINHTTP and HTTPAPI system calls?
Title says it all. Is there a registry setting or something that will prevent the Windows built-in libraries: WINHTTP and HTTPAPI to not support SSL3?

jmucchiello
- 215
- 1
- 2
- 6
1
vote
2 answers
Unable to disable SSLv3 in Apache for POODLE
One of my clients wanted me to upgrade openssl and Apache on his server because he wants to receive an A from SSLLabs. I went ahead and upgraded to Apache 2.4.18 and openssl to version 1.0.2e. I then modified Apache's SSL configuration to match the…

David Bélanger
- 227
- 1
- 2
- 12
1
vote
1 answer
Google Poodle - SSL and TLS
I am trying to understand this Google Poodle vulnerability slightly better. So I have a server, one thing I need to do is disable SSL. This is not a problem as the number of users that still use SSL will be low (Windows XP - IE6 I believe).
So,…

javapro
- 19
- 1
1
vote
1 answer
Disabling SSLv3 and SSLv2 Protocol On My Ubuntu 14.04 Server
I recently installed an SSL certificate on my server. Then I tried out this tool to test my newly installed SSL certificate on my server and see if there is no problem.
It turned out that it has a problem with SSL 3 protocol, saying that it is…

Gary Dapogi
- 19
- 1
- 3
1
vote
0 answers
Disabled SSLv3 in Tomcat, but Still Showing POODLE Vulnerability
I have a Windows 2008 server with Tomcat 7.0.59 & Java 8u31 & I am trying to ensure that SSLv3 is disabled. Looking at the changelog for Java, SSL3 should no longer be supported and the Java Control Panel doesn't even have a checkbox to enable it in…

Dustin Luck
- 11
- 4
1
vote
2 answers
How to disable SSLv1/SSLv2/SSLv3 protocols to block Poodle to Apache 2.4.9 on Windows Server 2008 R2?
How can I disable SSLv1, SSLv2 and SSLv3 protocols on Apache 2.4.9 installed on a Windows Server 2008 R2 as a service? (I am not using IIS.)
I still want to have TLSv1.2 protocol on my server.
Here are some of my environment…

Mike
- 265
- 6
- 13
1
vote
0 answers
Disable SSL3 on tomcat4
I have a very old web application that uses tomcat4. B/c of the poodle vulnerability I need to disable SSL3 and disable a bunch of weak ciphers. My connector looks like this, but apparently according to www.ssllabs.com I still have SSL3 enabled. …

jeff.eynon
- 111
- 2
1
vote
1 answer
What ciphers are compatible with both Java 6/Tomcat 7 and IE8 (XP)?
I have disabled SSL3 and restricted the ciphers available to a recommended set but now I can't access my server using IE8 on Windows XP. If I allow all ciphers then I can connect using IE8 but when I specify a restricted set of ciphers I can't.…

Edd
- 113
- 1
- 6
1
vote
2 answers
POODLE: SSLv3 vulnerability (CVE-2014-3566) with Apache24 on FreeBSD-9.2
I'm using FreeBSD 9.2-RELEASE-p5 with the apache24-2.4.10_2 package. According to CVE-2014-3566 (POODLE), I went ahead and disabled SSLProtocol -SSLv3 followed by a restart of the apache24 service, yet after running checks it seems like SSLv3 still…

alexus
- 13,112
- 32
- 117
- 174
0
votes
1 answer
Enabling SSLv3 in Weblogic 12
Yes, I know this is generally a bad idea, but we have a short-term need to do it.
Following this:
https://docs.oracle.com/middleware/1221/wls/SECMG/ssl_version.htm#SECMG637
We have set
-Dweblogic.security.SSL.minimumProtocolVersion=SSLv3…

The Archetypal Paul
- 783
- 7
- 20