Questions tagged [poodle-attack]

The POODLE (short for "Padding Oracle On Downgraded Legacy Encryption") attack is a man-in-the-middle exploit that takes advantage of web browsers' fallback to SSL 3.0. It was disclosed in September 2014.

Its CVE ID is CVE-2014-3566.

74 questions
1 vote, 1 answer

SSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number error when disabling ssl and enabling TLS

I am trying to disable SSL on my tomcat and trying to send request for my app on TLS Port but I am getting the following Error: Failure in POSTing request to Manager: [SSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version…
mahan07
1 vote, 1 answer

How to disable SSL in IBM Websphere 6 and its impact?

Considering the POODLE attack, I want to disable SSLv3 in my web app deployed on IBM WebSphere 6. There are a few concerns I can't address: 1. How to disable SSL and enable TLS in WAS 6.0 and 6.1? 2. When a client hits the url of my application…
Yasha
1 vote, 1 answer

How to Check if a WPF based Thick Client application uses Transport Layer Security(TLS) or not

We have a Windows-based Desktop Thick Client App with front end built over WPF+Telerik and backend communication using WCF Web Services. Right now the communication is happening over SSL3.0. Due to recent security issues with SSL3.0 it has been…
1 vote, 0 answers

enable TLS 1.0 in windows server 2008

Our production server is running on Windows Server 2008 and currently has SSL 2.0 enabled. We are looking to migrate to the TLS 1.0 protocol; we did find some help online as to how to disable SSL and enable TLS 1.0 in the registry. We have various LIVE…
user678229
1 vote, 0 answers

Google Chrome 39 still refuses my SSL website even though I updated httpd-ssl.conf

Here is my environment: Server RHEL 6.3, Apache 2.2.15, Tomcat 6, OpenSSL 1.0.0-fips. In order to eliminate the Poodle vulnerability in Google Chrome 39, I've been trying for a couple of days to block SSL 2 and SSL 3 in my config files, but my server…
Bobo MS
1 vote, 0 answers

How to disable SSLv3 from openSSL 0.9.8zc

I have a server with OpenSSL 0.9.8zc that browsers can access. I'm trying to protect the server from the POODLE attack by disabling SSLv3 in OpenSSL. The server is built in MSDEV 2005. I've modified the file openssl\Configure and added to the…
Omer Rubin
1 vote, 1 answer

Is JBoss 7.1 vulnerable to POODLE: SSLv3 vulnerability (CVE-2014-3566) in Windows

We are using JBoss 7.1 in our application on the Windows platform. Is this particular version of JBoss vulnerable to POODLE?
Sivasankar
1 vote, 1 answer

IIS Disable SSLv3 - Does it impact outgoing requests?

I've seen descriptions elsewhere about modifying the registry to have IIS disable SSLv3. But, it isn't clear to me if this will impact both incoming requests to the server as well as outgoing requests. I have code connecting to Authorize.Net using…
Mike
1 vote, 1 answer

Oracle HTTP Server (OHS) Apache 2.2.13 Poodle SSLv3 Fix?

I applied the POODLE fix for apache via "SSLProtocol All -SSLv2 -SSLv3" in the ssl.conf file for our apache server but am having issues with the CAC Client authentication via "SSLVerifyClient require". I have confirmed if I set "SSLVerifyClient…
emvee
1 vote, 3 answers

Does Cast Iron legacy version 5 support TLS?

I inherited a Cast Iron appliance which reports that it is version 5.0.1.5 - several years old and off support. This is mostly used to talk to Salesforce, who just sent us an email saying they are turning off SSL 3.0 in a few weeks. POODLE. Can…
1 vote, 2 answers

Am I vulnerable to POODLE / SSLv3 enabled test

So this is a relatively new problem. My website is running on an Apache2 server deployed on an OPENSuse 10 Enterprise. As far as I've read there is a simple command line test: openssl s_client -connect mysite.com:443 -ssl3 Supposedly, if this…
Cata Visan
1 vote, 2 answers

Poodle config for Tomcat 7 blocks IE8 on XP

I have configured our Tomcat 7 (jdk 7) server to only accept TLS (1, 1.1 & 1.2) protocols, to address POODLE. I have also disabled all DH cipher suites to achieve PCI DSS compliance. Unfortunately this blocks all requests from IE8 browsers (on XP).…
Kevin
1 vote, 1 answer

Can I turn off SSLv3.0 in NancyFX? (POODLE)

I'm running a web app with a C# backend on self-hosting NancyFX. I have tried googling, but I really cannot find any information on whether it is possible to turn off SSL 3 in Nancy. Is it possible, and if so, how? Please feel free to ask for…
Adrian Schmidt
1 vote, 0 answers

PHP SoapClient and Poodle?

I see that there is a SOAP_SSL_METHOD parameter in the SoapClient, but the details on what it does and how it does it are not as specific. There is a comment in the PHP documentation that the SoapClient in PHP defaults to SSLv23, but is this…
Scott
1 vote, 0 answers

Disable SSLv3 in Openfire

How do you disable the SSLv3 protocol in Openfire and make it use only TLS? I am using Openfire version 3.8.2. Are there any changes related to Jetty?