Protection Against SSL 3.0 Vulnerability (POODLE)

Version 1

    Details

    PROBLEM
    The POODLE SSLv3 vulnerability was revealed by Google to be a specific attack against SSLv3 when a browser is forced to use the fallback mechanism built into browsers. This vulnerability can be prevented by disabling SSLv3.

    ENVIRONMENT
    Various web servers being used to self-host LiveTime, including Apache and IIS. Does not apply to the LiveTime Hardware and Virtual Appliances or LiveTime On-Demand (hosted/SaaS solutions).

    RESOLUTION
    We recommend that if you run LiveTime on Apache, please follow the specific instructions for your platform found at [url=https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-poodle-sslv3-vulnerability:]DigitalOcean[/url:].

    If you host LiveTime on IIS, please follow the instructions found in [url=http://forums.HEATsoftware.com/kb.php?a=993:]KB-993[/url:].

    ADDITIONAL INFORMATION
    You can read the technical details of the vulnerability in the Security Advisory published by the members of the Google security team at [url=https://www.openssl.org/~bodo/ssl-poodle.pdf:]OpenSSL.org[/url:].


    Resolution

    PROBLEM
    The POODLE SSLv3 vulnerability was revealed by Google  to be a specific attack against SSLv3 when a browser is forced to use  the fallback mechanism built into browsers. This vulnerability can be  prevented by disabling SSLv3.

    ENVIRONMENT
    Various web  servers being used to self-host LiveTime, including Apache and IIS. Does  not apply to the LiveTime Hardware and Virtual Appliances or LiveTime  On-Demand (hosted/SaaS solutions).

    RESOLUTION
    We  recommend that if you run LiveTime on Apache, please follow the specific  instructions for your platform found at  [url=https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-poodle-sslv3-vulnerability:]DigitalOcean[/url:].

    If  you host LiveTime on IIS, please follow the instructions found in  [url=http://forums.HEATsoftware.com/kb.php?a=993:]KB-993[/url:].

    ADDITIONAL INFORMATION
    You  can read the technical details of the vulnerability in the Security  Advisory published by the members of the Google security team at  [url=https://www.openssl.org/~bodo/ssl-poodle.pdf:]OpenSSL.org[/url:].