Return
-
Title
Is QCVDS/VDS susceptible to the vulnerabilities in Secure Socket Layer (SSL) version 3.0 protocol? -
Description
QCVDS/VDS could be affected as far as the customer at client side uses SSL 3.0 or uses it at Directory side.
-
Cause
This vulnerability is caused by a weakness in the CBC encryption algorithm used in SSL 3.0. Since this is a protocol design weakness it could affect all flavors of SSL 3.0 implementation.
-
Resolution
As a workaround customer can use TLS in any or both sides to avoid this problem.
Steps required to enable TLS:
QCVDS (6.0.x):
- Listener: go to SSL tab and select TLSv1 option.
- Server Group: go to SSL tab and select TLSv1 option.
VDS (6.1.0):
- Listener: go to Security tab and select only TLSv1 option.
- Data Source: go to SSL tab and select only TLSv1 option.