Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
23288
Views
5
Helpful
5
Replies

SSLv3 Poodle vulnerability

Go to solution
Greg McCarthy
Level 1
Level 1

‎10-15-2014 06:03 AM - last edited on ‎03-25-2019 04:30 PM by Community Manager

Does anyone have any more info on the SSLv3 Poodle vulnerability in that are any of the Cisco switches, in particular the ACE load balancer (If they do SSL offloading) vulnerable to this?

http://www.wired.com/2014/10/poodle-explained/

If so, if there a way to disable SSLv3?

7 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dciccaro
Cisco Employee
Cisco Employee

‎10-15-2014 12:50 PM

Please take a look at

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

The list of products (both vulnerable and not vulnerable) will be updated as the assessment is complete.

Please keep monitoring the published security advisory for updates.

 

View solution in original post

5 Replies 5

Go to solution
dciccaro
Cisco Employee
Cisco Employee

‎10-15-2014 12:50 PM

Please take a look at

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

The list of products (both vulnerable and not vulnerable) will be updated as the assessment is complete.

Please keep monitoring the published security advisory for updates.

 

Go to solution
TarheelsRock1
Level 1
Level 1
In response to dciccaro

‎10-15-2014 01:20 PM

Do you have a tool like the Redhat SSLv3 (POODLE) Detector?

0 Helpful

Go to solution
dciccaro
Cisco Employee
Cisco Employee
In response to TarheelsRock1

‎10-15-2014 01:30 PM

For the benefit of those that may not have access to the tool you're asking about - here's a public link that doesn't require credentials:

https://access.redhat.com/articles/1232123

No, Cisco has no plans to make any kind of tool available to test clients or servers (either Cisco products or third party products) for this vulnerability.

0 Helpful

Go to solution
Greg McCarthy
Level 1
Level 1
In response to dciccaro

‎10-15-2014 11:07 PM

Thanks for the link - will monitor to see when Cisco update the effected products. 

0 Helpful

Go to solution
johansens
Level 4
Level 4

‎10-16-2014 07:24 AM

To disable SSLv3, do something like this:

parameter-map type ssl PARAMMAP_SSL
  cipher RSA_WITH_3DES_EDE_CBC_SHA
  cipher RSA_WITH_AES_128_CBC_SHA priority 2
  cipher RSA_WITH_AES_256_CBC_SHA priority 3
  version TLS1

ssl-proxy service SSL_PSERVICE_SERVER
  ssl advanced-options PARAMMAP_SSL

(Omitted all the other important, but not to this exact solution, stuff in the ssl-proxy config)

0 Helpful
Top