Is QCVDS/VDS susceptible to the vulnerabilities in Secure Socket Layer (SSL) version 3.0 protocol? (134709)

Chat now with support

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

Is QCVDS/VDS susceptible to the vulnerabilities in Secure Socket Layer (SSL) version 3.0 protocol?
Description

QCVDS/VDS could be affected as far as the customer at client side uses SSL 3.0 or uses it at Directory side.
Cause

This vulnerability is caused by a weakness in the CBC encryption algorithm used in SSL 3.0. Since this is a protocol design weakness it could affect all flavors of SSL 3.0 implementation.
Resolution

As a workaround customer can use TLS in any or both sides to avoid this problem.
Steps required to enable TLS:
QCVDS (6.0.x):
-      Listener: go to SSL tab and select TLSv1 option.
-      Server Group: go to SSL tab and select TLSv1 option.
VDS (6.1.0):
-      Listener: go to Security tab and select only TLSv1 option.
-      Data Source: go to SSL tab and select only TLSv1 option.

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title