Is there any other way, apart from openssl/netstat, to check for the existence of SSLv3?

I am using WebSphere Application Server version 8.5.5.6; according to IBM, 8.5.5.4 and later versions will have the remediation for disabling SSLv3 by default. In addition, I just double-checked using openssl and netstat to find its presence.

The result I received was as per my expectations:

"SSL Handshake failure Exception"

But when my application goes for a scan, it fails and falls under the POODLE attack. My server is configured in a way that all application servers use TLSv1 and the web server uses TLSv2.... Is there anything that I should be more focused on here? Any thoughts?

Vicky
  • `netstat` can't check different versions of SSL/TLS (or anything else); did you maybe mean `nmap`? By openssl I assume you mean `s_client` with, perhaps among other things, `-ssl3`? Which version of openssl? Does the scan give any details what they did to check? Do you have any relevant log or trace on the server side? – dave_thompson_085 Oct 27 '15 at 05:37
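
As the comment notes, a protocol version can only be observed by attempting a handshake. The following is an added example, not part of the original question or comment: a raw SSLv3 ClientHello probe for checking your own server, plus a classifier for the reply. The names `build_sslv3_client_hello`, `classify_response` and `probe` and the cipher-suite list are assumptions of this example.

```python
import os
import socket
import struct
import sys

# Cipher suites from the SSLv3 era (RSA with AES-CBC, 3DES-CBC, RC4); example choice.
SUITES = [0x002F, 0x0035, 0x000A, 0x0005, 0x0004]
SSL3 = b"\x03\x00"  # wire encoding of protocol version 3.0


def build_sslv3_client_hello():
    """Return one SSLv3 record carrying a ClientHello (SSLv3 has no extensions)."""
    suites = b"".join(struct.pack("!H", s) for s in SUITES)
    body = (SSL3 + os.urandom(32)                     # client_version, random
            + b"\x00"                                 # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                            # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake


def classify_response(data):
    """Interpret the first record the server sent back."""
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02:
        # Handshake record containing a ServerHello; bytes 9-10 are server_version.
        return "sslv3-accepted" if data[9:11] == SSL3 else "other-version-selected"
    if len(data) >= 7 and data[0] == 0x15:
        return "rejected-alert-%d" % data[6]          # alert description code
    return "rejected-no-handshake"                    # closed, reset or timed out


def probe(host, port, timeout=5.0):
    """Send the ClientHello to host:port and classify the reply."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sslv3_client_hello())
        try:
            while len(data) < 11:                     # enough to see server_version
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:                               # timeout or reset counts as refusal
            pass
    return classify_response(data)


if __name__ == "__main__":
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it against each listening port separately (the web server and each application server port), since every listener has its own protocol configuration.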

0 Answers