Vulnerability CVE-2014-3566 of SSL 3.0 (aka POODLE)

A serious vulnerability (CVE-2014-3566) was recently discovered in SSL 3.0. It is commonly called 'POODLE'.
By exploiting this vulnerability, an attacker can steal sensitive information from a website, such as private account data, user passwords, and cookies.
Even if the web server supports a newer version of TLS, it is still vulnerable to POODLE as long as SSL 3.0 is supported.
If you use SSL on a site that you operate on Amimoto AMI, we recommend that you disable SSL 3.0 support immediately.

Users of Self-Managed Amimoto AMI

In Amimoto AMI, SSL is disabled at initial startup, so you will not be affected by this vulnerability.

However, if you have enabled SSL on your own, you need to review the ssl_protocols directive in the Nginx configuration file.

If the ssl_protocols directive is not set, the default is SSLv3 TLSv1 TLSv1.1 TLSv1.2, which means SSL 3.0 is supported.

Please change the setting so that SSL 3.0 is not supported, as follows:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

For details, see the Nginx module documentation: ngx_http_ssl_module
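The review described above can be automated. The following is an added example, not part of the original article or of Amimoto's tooling: it reads Nginx configuration text and reports, for each SSL-enabled server block, the effective ssl_protocols value and whether SSL 3.0 is still on. It assumes the default protocol list stated on this page, a configuration already flattened into one text (no include handling), and no quoted values containing braces, semicolons or '#'; the hostnames in the sample are constructed.

```python
import re

# Protocols in effect when ssl_protocols is not set, as stated on this page.
PAGE_DEFAULT = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
# Constructed sample configuration (hostnames are placeholders).
SAMPLE = """
http {
    server { listen 443 ssl; server_name default.example; }   # default applies
    server { listen 443 ssl; server_name fixed.example;
             ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }
    server { listen 80; server_name plain.example; }
}
"""

def audit(conf, default=PAGE_DEFAULT):
    """Return (server_name, effective_protocols, sslv3_enabled) per SSL server."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf))
    root = {"kind": "main", "parent": None}
    frame, stmt, servers = root, [], []
    for tok in tokens:
        if tok == "{":                       # open a block; remember its parent
            frame = {"kind": stmt[0] if stmt else "", "parent": frame}
            if frame["kind"] == "server":
                servers.append(frame)
            stmt = []
        elif tok == "}":                     # close the block
            frame, stmt = frame["parent"] or root, []
        elif tok == ";":                     # end of a simple directive
            if stmt[:1] in (["ssl_protocols"], ["server_name"]):
                frame[stmt[0]] = tuple(stmt[1:])
            elif stmt[:1] == ["ssl"] or (stmt[:1] == ["listen"] and "ssl" in stmt[2:]):
                frame["ssl"] = stmt[-1] != "off"   # "ssl on;" or "listen ... ssl;"
            stmt = []
        else:
            stmt.append(tok)

    def inherited(f, key):                   # nearest enclosing block that sets key
        while f is not None and key not in f:
            f = f["parent"]
        return f[key] if f is not None else None

    findings = []
    for s in servers:
        if inherited(s, "ssl"):              # skip servers that do not use SSL
            protocols = inherited(s, "ssl_protocols") or default
            name = (s.get("server_name") or ("(unnamed)",))[0]
            findings.append((name, protocols, "SSLv3" in protocols))
    return findings
```

Any server reported with the third field set to True needs the ssl_protocols line shown above; pass a different `default` if your Nginx version documents another default.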

 

Users of Amimoto AMI Managed Hosting

The Amimoto AMI Managed Hosting Plan offers an SSL option.

Previously, clients were able to choose the SSL setting as part of a custom plan. All Amimoto AMI Managed Hosting servers have been configured with SSL 3.0 support disabled, so users will not be affected by this vulnerability.
