Hmm. This is interesting.
pentest-tools.com says that neither our server nor the customer server
is vulnerable to POODLE.
But Site24x7.com says ours IS vulnerable to POODLE. Then (when I click
"View Result") it says it isn't. Then (when I actually run the test
again) it once again says it is. (I haven't tested the customer site
because results are posted on the test home page, which would compromise
the customer's privacy.)
Some other POODLE test sites don't appear to work at all. Others say
we're not vulerable.
Manually testing both servers with
curl -v3 -X HEAD https://www.example.com
from a BASH session on my Mac, as per
<http://chrisburgess.com.au/how-to-test-for-the-sslv3-poodle-vulnerability/>
comes back with the desired "failed handshake" message on both servers.
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org