Dear customers,
You have probably noticed that a new vulnerability has hit OpenSSL. The new attack, called POODLE, is not as serious as Shellshock or Heartbleed.
However, it's still better to take action to avoid problems. The only thing you have to do is disable SSLv3 support. To do this, you can follow this guide:
Here is a summary of the information provided by the above website.
NGINX
change:
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
to:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Apache
SSLProtocol ALL -SSLv2 -SSLv3
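The directive changes above can also be checked mechanically. The following is an added example, not part of the original notice: a shell function, audit_sslv3 (a hypothetical name), that reads configuration text and reports nginx ssl_protocols and Apache SSLProtocol lines that still allow SSLv3. It assumes the Apache token rules stated in its comments and only inspects explicit directives, not built-in defaults.

```sh
#!/bin/sh
# Added example (not from the original post): flag nginx "ssl_protocols" and
# Apache "SSLProtocol" lines that still allow SSLv3.
# Assumption: Apache tokens are applied left to right; "+x" adds, "-x" removes,
# a bare token replaces the set, and "all" includes SSLv3.
# Reads config text on stdin, prints "LINE: directive" per offending line,
# returns 1 if any was found and 0 otherwise.
audit_sslv3() {
    awk '
    { sub(/#.*/, ""); sub(/;[ \t]*$/, "") }   # strip comments and nginx ";"
    tolower($1) == "ssl_protocols" {          # nginx: plain allow-list
        v3 = 0
        for (i = 2; i <= NF; i++) if (tolower($i) == "sslv3") v3 = 1
    }
    tolower($1) == "sslprotocol" {            # Apache: signed tokens in order
        v3 = 0
        for (i = 2; i <= NF; i++) {
            t = tolower($i); sign = ""
            if (t ~ /^[+-]/) { sign = substr(t, 1, 1); t = substr(t, 2) }
            has = (t == "sslv3" || t == "all")
            if (sign == "")      v3 = has
            else if (has)        v3 = (sign == "+")
        }
    }
    tolower($1) ~ /^(ssl_protocols|sslprotocol)$/ && v3 {
        $1 = $1                               # normalise whitespace
        print NR ": " $0; bad = 1
    }
    END { exit bad + 0 }
    '
}

# Constructed sample input; the first two lines are the "before" and "after"
# nginx lines from this post.
audit_sslv3 <<'EOF' || echo "SSLv3 is still enabled on the lines listed above"
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
SSLProtocol ALL -SSLv2 -SSLv3
SSLProtocol all -SSLv2
EOF
```

To check a real file, feed it on stdin, for example `audit_sslv3 < /path/to/your.conf`.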
For more information about this new vulnerability:
* Search for "CVE-2014-3566"
Testing if you are vulnerable
Save this script as poodle.sh:
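#!/bin/bash
# Usage: bash poodle.sh <hostname>
# Caveat: if the local openssl build has no SSLv3 support (no -ssl3 option),
# the second check cannot run and the script prints FAIL regardless of the server.
host="$1"
# First check that the host answers on port 443 at all.
if ! echo | timeout 3 openssl s_client -connect "$host:443" >/dev/null 2>&1; then
    echo "UNKNOWN: $host timeout or connection error"
# Then force an SSLv3 handshake; a handshake failure alert means SSLv3 is disabled.
elif echo | openssl s_client -connect "$host:443" -ssl3 2>&1 | grep -q "sslv3 alert handshake failure"; then
    echo "OK: $host Not vulnerable"
else
    echo "FAIL: $host vulnerable; sslv3 connection accepted"
fi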
Run it against your server.
user@Server ~ $ bash poodle.sh anycloud.abiquo.com
OK: anycloud.abiquo.com Not vulnerable