10-15-2014 06:03 AM - last edited on 03-25-2019 04:30 PM by ciscomoderator
Does anyone have any more info on the SSLv3 Poodle vulnerability in that are any of the Cisco switches, in particular the ACE load balancer (If they do SSL offloading) vulnerable to this?
http://www.wired.com/2014/10/poodle-explained/
If so, if there a way to disable SSLv3?
Solved! Go to Solution.
10-15-2014 12:50 PM
Please take a look at
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
The list of products (both vulnerable and not vulnerable) will be updated as the assessment is complete.
Please keep monitoring the published security advisory for updates.
10-15-2014 12:50 PM
Please take a look at
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
The list of products (both vulnerable and not vulnerable) will be updated as the assessment is complete.
Please keep monitoring the published security advisory for updates.
10-15-2014 01:20 PM
Do you have a tool like the Redhat SSLv3 (POODLE) Detector?
10-15-2014 01:30 PM
For the benefit of those that may not have access to the tool you're asking about - here's a public link that doesn't require credentials:
https://access.redhat.com/articles/1232123
No, Cisco has no plans to make any kind of tool available to test clients or servers (either Cisco products or third party products) for this vulnerability.
10-15-2014 11:07 PM
Thanks for the link - will monitor to see when Cisco update the effected products.
10-16-2014 07:24 AM
To disable SSLv3, do something like this:
parameter-map type ssl PARAMMAP_SSL
cipher RSA_WITH_3DES_EDE_CBC_SHA
cipher RSA_WITH_AES_128_CBC_SHA priority 2
cipher RSA_WITH_AES_256_CBC_SHA priority 3
version TLS1
ssl-proxy service SSL_PSERVICE_SERVER
ssl advanced-options PARAMMAP_SSL
(Omitted all the other important, but not to this exact solution, stuff in the ssl-proxy config)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide