On Thu, Jun 11, 2015 at 09:43:24PM +0000, Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) wrote:
> Hi All,
>
> To resolve openSSL POODLE vulnerability we need to disable the SSLv3. In our
> application we are using openSSL through Apache. We have disabled using the
> below lines.
>
> SSLProtocol all -SSLv2 -SSLv3
>
> We are using 443 as SSL port. The command openssl s_client -connect
> <IPAddress>:443 -ssl3 shows the handshake failure message for 443 port. But
> for the ports 3333 and 4444 is connecting using SSLv3. The scanner as well
> reports the high severity risk for those ports. In our application we are
> using those ports for syslog related tasks. If we change the port some other,
> then the scanner shows the new port in the list.
>
> How to disable the SSLv3 connection for those ports as well since many
> customers are waiting for the fix. Your suggestion is much appreciated.

There are 2 solutions:
- Change the configuration of syslog to disable SSLv3. Not sure
  it can actually be configured.
- Build your openssl with SSLv3 disabled.


Kurt
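
Whichever of the two solutions is applied, each listener has to be re-tested on its own, since the thread shows port 443 refusing SSLv3 while 3333 and 4444 still accept it. The script below is an added example, not part of the original messages: it wraps the `openssl s_client ... -ssl3` check quoted above and classifies the result per port. The file name, the host argument and the matched output strings are assumptions; the strings are modelled on typical s_client output.

```shell
#!/bin/sh
# Added example (not from the thread): test each TLS listener for SSLv3.
# Usage: sh check_ssl3.sh <host> <port>...   e.g. ports 443 3333 4444
# The matched strings are assumptions modelled on typical s_client output.

# Classify captured output of `openssl s_client -connect host:port -ssl3`.
# Prints one of: accepted | rejected | client-no-ssl3 | unknown
classify_ssl3() {
    case $1 in
        # Local openssl was itself built without SSLv3: it cannot run the test.
        *[Uu]nknown\ option*)   echo client-no-ssl3 ;;
        # A failed handshake still prints "Protocol : SSLv3", so test this first.
        *"Cipher is (NONE)"*|*"handshake failure"*) echo rejected ;;
        # Session negotiated at SSLv3 with a real cipher: listener is exposed.
        *Protocol*:\ SSLv3*)    echo accepted ;;
        # Anything else (connection refused, timeout, ...) is inconclusive.
        *)                      echo unknown ;;
    esac
}

check_port() {
    # </dev/null makes s_client exit once the handshake attempt is over.
    classify_ssl3 "$(openssl s_client -connect "$1:$2" -ssl3 </dev/null 2>&1)"
}

if [ "$#" -ge 2 ]; then
    host=$1; shift
    for port in "$@"; do
        printf '%s:%s SSLv3 %s\n' "$host" "$port" "$(check_port "$host" "$port")"
    done
else
    # Constructed sample of a refused SSLv3 handshake, for an offline run.
    sample='CONNECTED(00000003)
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000'
    printf 'constructed sample: %s\n' "$(classify_ssl3 "$sample")"
fi
```

A result of `client-no-ssl3` means the testing machine's own openssl was built without SSLv3, so the check has to be run from a client that still has it.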