It is documented in the SSLv3/TLS specification that the "client hello" at the beginning of the SSL handshake can be either in the V2 or the V3 format. If it is V2 hello, the session must immediately negotiate up to the V3 protocol (which we do).
I logged into the device and ran openssl version -v at the prompt and found that it's running openSSL 0.9.8e. Which leads me to this question. CVE-2008-5077 refers to an openSSL vulnerabilty as outlined below.
The LANDesk Management appliance uses OpenSSL version 0.9.8e. Everyone using OpenSSL releases prior to 0.9.8j as an SSL/TLS client when connecting to a server whose certificate contains a DSA or ECDSA key.
Use of OpenSSL as an SSL/TLS client when connecting to a server whose certificate uses an RSA key is NOT affected.
Verification of client certificates by OpenSSL servers for any key type is NOT affected.
Users of OpenSSL 0.9.8 should update to the OpenSSL 0.9.8j release
which contains a patch to correct this issue.
How do we go about updating to 0.9.8j? From the gateway we clicked the Check for Updates button but it didn't detect anything. Is there something else that we need to do?
Are you using the appliance or an iso build?
If you go out to your appliance update site and install the updates it should get you to version i.
Sorry the Protocol is V3. The version of Open ssl is 0.9.8i
Here is what I did:
1. Logged into Gateway appliance.
2. Click System > Updates > Scan for UPdates.
This returns "Scan Completed" with no updates listed.
can you ping landesk.com from your appliance?
No. Ping has been disabled. The gateway appliance has been locked down.
you need to be able to contact the landesk update server to have the ability to download the Appliance updates.
By Landesk update server, do you mean our server (our core server that I
use to deploy windows updates to our environment, etc...)? Or is it a
LANDesk update server run by LANDesk and located on the Internet.
TY - PLEASE NOTE THAT I HAVE STARTED ANOTHER THREAD ON HOW TO UPDATE
OPENSSL ON GATEWAY APPLIANCE. Thread is here: