This week a security flaw was discovered in the design of SSL v3. This would allow an attacker to decrypt encrypted with this method connections. For more information, see the note following CVE CVE-2014-3566 or OpenSSL report.
Since when does it exist?
SSL v3 is a 18 year old technology and the fault is so deep that its designers not will correct it. SSL v3 is now an obsolete and non-secure solution.
How to check if I am impacted?
To check if you are affected, you can consult the following article: https://support.ikoula.com/index-1-2-2966.html
How to fix the?
To correct this flaw, we recommend that you disable SSL v3 support in your applications. The latter is already strongly replaced by the use of TLS. The impact of its deactivation may be very low. Everything depends on your configurations
We invite you to consult the following a few KB for more information about the patch to correct the problem:
- Apache SSL - go to apache2 or another web service
- Apache2 https://support.ikoula.com/index-1-2-2965.html
- Plesk linux https://support.ikoula.com/index-1-2-2965.html
- IIS https://support.ikoula.com/index-1-2-2969.html
- If your OS is always maintained, apply the latest updates. Most makers have applied a patch disabling SSL v3, notably for the openssl and gnutls. packages
If you have a shared benefit or complete outsourcing know that our teams have already been required.
Add new comment