Is CAM protected from the Zombie POODLE and GOLDEN POODLE vulnerabilities (CVE-2019-6593)?
The product team has reviewed the vulnerability and does not believe that Cloud Access Manager is affected.
By default, CAM uses the following cipher suites, which do not appear to be affected by the issue:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA
The product team has also done limited testing with the following cipher suites, which can be added at the beginning of the cipher list for the port 443 connector in the CAM server.xml file:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
These suites use GCM rather than CBC; GCM does not use padding, which is what POODLE exploits.
We recommend that you back up the server.xml file before adding these cipher suites, and that you make the change in your test environment before rolling it out to production.
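The following script is an added example, not code from the KB article or from One Identity. It builds the cipher list the article describes (the two GCM suites prepended to the default CBC suites), classifies each suite as CBC (padding-based, the record construction POODLE variants attack) or AEAD, and includes an optional probe that connects to a host offering only the GCM suites so an administrator can confirm the 443 connector actually negotiates one of them after the server.xml change. It assumes the connector accepts a comma-separated list of IANA suite names (Tomcat-style JSSE `ciphers` attribute); the host name in the usage line is a placeholder.

```python
"""Added example: order, classify and verify the CAM cipher suites from the article."""
import socket
import ssl

# Suites the article says CAM enables by default (all CBC).
DEFAULT_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

# GCM suites the article says were tested for prepending to the 443 connector.
GCM_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]

# IANA name -> OpenSSL name; Python's ssl module only accepts OpenSSL names.
IANA_TO_OPENSSL = {
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": "ECDHE-RSA-AES256-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": "ECDHE-RSA-AES256-SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA256": "AES256-SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA": "AES256-SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA": "AES128-SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
}


def uses_cbc_padding(suite: str) -> bool:
    """True for suites whose record layer is CBC with MAC-then-encrypt padding."""
    return "_CBC_" in suite


def build_cipher_list(defaults=DEFAULT_SUITES, preferred=GCM_SUITES) -> str:
    """Return the comma-separated connector value with the AEAD suites first.
    Format is assumed to be the Tomcat-style JSSE 'ciphers' attribute."""
    ordered = list(preferred) + [s for s in defaults if s not in preferred]
    return ",".join(ordered)


def summarize(cipher_list: str) -> dict:
    """Split a connector cipher list into CBC and AEAD groups and report
    whether the server's first preference avoids CBC padding."""
    suites = cipher_list.split(",")
    return {
        "first_is_aead": not uses_cbc_padding(suites[0]),
        "cbc": [s for s in suites if uses_cbc_padding(s)],
        "aead": [s for s in suites if not uses_cbc_padding(s)],
    }


def negotiated_suite(host: str, port: int = 443, offer=GCM_SUITES, timeout=5.0):
    """Connect offering only `offer` over TLS 1.2 and return the OpenSSL name of
    the suite the server selects, or None if no handshake completes.
    Network call; the offline checks above do not exercise it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # inspecting cipher selection only, not identity
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # set_ciphers does not govern TLS 1.3
    ctx.set_ciphers(":".join(IANA_TO_OPENSSL[s] for s in offer))
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
    except (OSError, ssl.SSLError):
        return None


if __name__ == "__main__":
    cipher_list = build_cipher_list()
    print("ciphers=\"" + cipher_list + "\"")
    print(summarize(cipher_list))
    # Placeholder host; replace with the CAM server to verify the live connector:
    # print(negotiated_suite("cam.example.internal"))
```

A result of None from `negotiated_suite` after the change means the connector did not accept either GCM suite, so the server.xml edit should be rechecked before the CBC suites are relied on as the only fallback.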