POODLE: SSLv3 vulnerability (CVE-2014-3566)
Posted: Thu Oct 23, 2014 5:33 pm
1.Linux Distribution and version? Red Hat Enterprise Linux 6.6
2.32 or 64bit? 64bit
3.VMware Image or Manual Install of XI? Manual install
4.Are there special configurations on your system, ie; is Gnome installed? Are you using a proxy? Are you using SSL? Using SSL
I wanted to know if the version of SSL that Nagios uses is affected by this vulnerability that Red Hat reported last week:
https://access.redhat.com/articles/1232123
I used the Nagios document provided by the knowledgebase to configure SSL on the Web frontend titled "How to Configure SSL for Nagios XI".
http://assets.nagios.com/downloads/nagi ... s%20XI.pdf
Red Hat has a script that detects open Apache connections and sees if they are using a SSLv3. I explicitly changed the /etc/httpd/conf.d/ssl.conf file to exclude SSLv2, SSLv3 in the SSLProtocols and restarted the Apache service but the Red Hat script still says there are SSLv3 connections. How do I disable the SSLv3 protocol from being used?
2.32 or 64bit? 64bit
3.VMware Image or Manual Install of XI? Manual install
4.Are there special configurations on your system, ie; is Gnome installed? Are you using a proxy? Are you using SSL? Using SSL
I wanted to know if the version of SSL that Nagios uses is affected by this vulnerability that Red Hat reported last week:
https://access.redhat.com/articles/1232123
I used the Nagios document provided by the knowledgebase to configure SSL on the Web frontend titled "How to Configure SSL for Nagios XI".
http://assets.nagios.com/downloads/nagi ... s%20XI.pdf
Red Hat has a script that detects open Apache connections and sees if they are using a SSLv3. I explicitly changed the /etc/httpd/conf.d/ssl.conf file to exclude SSLv2, SSLv3 in the SSLProtocols and restarted the Apache service but the Red Hat script still says there are SSLv3 connections. How do I disable the SSLv3 protocol from being used?