On 8/9/16, 9:25 AM, Christopher Schultz wrote:
There /is/ a POODLE variation which is against TLS 1.0 - 1.2 [1]. If
SSLv3 is completely disabled (TLS1.0 is okay), then you aren't
vulnerable to "classic" POODLE. If you aren't using CBC-based cipher
suites with TLS1.0 - TLS1.2, then you should be okay.
With a Java 1.6 (1.6.0_26) client, my server refuses connections due
to too-small DH pairs when left to its own devices [2]. When the client
is restricted to certain ciphers, these cipher suites are usable:
Accepted TLSv1 TLS_RSA_WITH_AES_128_CBC_SHA
Accepted TLSv1 TLS_RSA_WITH_AES_256_CBC_SHA
Accepted TLSv1 SSL_RSA_WITH_3DES_EDE_CBC_SHA
Of course, those CBC-based cipher suites are the ones vulnerable to
the TLS flavor of POODLE.
Ivan Ristic tends to know what he's doing, so I think you can trust
Qualys's server-testing tool.
My understanding is that it is only certain implementations of TLSv1.0
that are vulnerable to POODLE-TLS.
The weirdest part is that everything I've tried (including the manual
test) tells ME that neither our Tomcat server, nor the customer's, were
accepting SSLv3 connections even before we began this exercise, and that
all our customers' Tomcat servers, at least the ones we're responsible
for, are similarly rejecting SSLv3, and have been for some time. And
yet, whoever is doing their security audit is saying that we NEED to
disable SSLv3. I'd sure like to know what they're using, that's telling
them it isn't already disabled.
--
JHHL
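As an added example, not part of the thread or of Tomcat, here is a small Python script that applies the two rules discussed above to scanner output of the "Accepted <protocol> <suite>" form quoted in the message: any SSLv3 acceptance means classic POODLE, and a CBC suite accepted on TLS 1.0 to 1.2 is a POODLE-TLS candidate (which, as noted, depends on the server implementation). It also includes a network probe that offers only the three CBC suites listed above, which is roughly the "manual test" the writer mentions. The sample scan lines, the host and port placeholder, and the mapping from IANA to OpenSSL suite names beyond the three suites in the message are assumptions of this example.

```python
"""Added example: classify 'Accepted <proto> <suite>' scanner lines for the two
POODLE conditions discussed in the thread, and probe a host for CBC-on-TLS."""
import re
import socket
import ssl

# IANA suite names (as printed by the scanner quoted above) mapped to the
# OpenSSL names Python's ssl module expects. Only the three suites from the
# message are mapped; the mapping of anything else would be an assumption.
IANA_TO_OPENSSL = {
    "TLS_RSA_WITH_AES_128_CBC_SHA": "AES128-SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA": "AES256-SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA": "DES-CBC3-SHA",
}

SCAN_LINE = re.compile(r"^\s*Accepted\s+(\S+)\s+(\S+)\s*$")

# Constructed sample: the three lines from the message plus two invented
# lines (one SSLv3 acceptance, one AEAD suite) and one rejected line.
SAMPLE_SCAN = """\
Accepted TLSv1 TLS_RSA_WITH_AES_128_CBC_SHA
Accepted TLSv1 TLS_RSA_WITH_AES_256_CBC_SHA
Accepted TLSv1 SSL_RSA_WITH_3DES_EDE_CBC_SHA
Accepted SSLv3 TLS_RSA_WITH_RC4_128_SHA
Accepted TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Rejected TLSv1 TLS_RSA_WITH_NULL_SHA
"""


def is_cbc_suite(suite):
    """IANA suite names spell out the mode: every CBC suite carries '_CBC_'."""
    return "_CBC_" in suite


def parse_scan(text):
    """Return [(protocol, suite), ...] for each 'Accepted' line; others ignored."""
    accepted = []
    for line in text.splitlines():
        m = SCAN_LINE.match(line)
        if m:
            accepted.append((m.group(1), m.group(2)))
    return accepted


def classify(accepted):
    """Map each accepted (protocol, suite) pair to the issue it implies.

    SSLv3 accepted at all        -> classic POODLE (SSLv3 must be disabled)
    CBC suite on TLSv1/1.1/1.2    -> POODLE-TLS candidate (implementation
                                     dependent, as the thread notes)
    anything else                 -> no finding
    """
    findings = {}
    for proto, suite in accepted:
        key = f"{proto} {suite}"
        if proto.upper() == "SSLV3":
            findings[key] = "classic POODLE: SSLv3 accepted"
        elif proto.upper().startswith("TLSV1") and is_cbc_suite(suite):
            findings[key] = "POODLE-TLS candidate: CBC suite on " + proto
    return findings


def probe_cbc_tls(host, port=443, timeout=5.0):
    """Offer only the three CBC suites on TLS 1.0-1.2; return the negotiated
    (protocol, suite) if the server takes one, else None.

    Modern OpenSSL builds cannot offer SSLv3 at all, so the classic-POODLE
    check has to come from a scanner or an older openssl s_client -ssl3.
    """
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False      # we test configuration, not identity
        ctx.verify_mode = ssl.CERT_NONE
        ctx.minimum_version = ssl.TLSVersion.TLSv1
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        # @SECLEVEL=0 lets OpenSSL 1.1/3.x offer these legacy suites at all.
        ctx.set_ciphers(":".join(IANA_TO_OPENSSL.values()) + ":@SECLEVEL=0")
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version(), tls.cipher()[0]
    except (ssl.SSLError, OSError, ValueError):
        return None


if __name__ == "__main__":
    for key, issue in classify(parse_scan(SAMPLE_SCAN)).items():
        print(f"{key}: {issue}")
    # Placeholder host; replace with the server under test.
    print("CBC-on-TLS probe:", probe_cbc_tls("example.invalid"))
```

A server that refuses the probe and shows no SSLv3 line in the scan is clear on both counts; if an auditor still reports SSLv3, ask for the exact tool and target (host, port, and any SNI name) they scanned, since a different virtual host or port can be what they are actually hitting.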