QCVDS/VDS could be affected as far as the customer at client side uses SSL 3.0 or uses it at Directory side.
This vulnerability is caused by a weakness in the CBC encryption algorithm used in SSL 3.0. Since this is a protocol design weakness it could affect all flavors of SSL 3.0 implementation.
As a workaround customer can use TLS in any or both sides to avoid this problem.
Steps required to enable TLS:
QCVDS (6.0.x):
- Listener: go to SSL tab and select TLSv1 option.
- Server Group: go to SSL tab and select TLSv1 option.
VDS (6.1.0):
- Listener: go to Security tab and select only TLSv1 option.
- Data Source: go to SSL tab and select only TLSv1 option.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy