Is QCVDS/VDS susceptible to the vulnerabilities in Secure Socket Layer (SSL) version 3.0 protocol? (134709)

Chat now with support

Return

Feedback submitted.

Was this article helpful?

[Select Rating]

Title

Is QCVDS/VDS susceptible to the vulnerabilities in Secure Socket Layer (SSL) version 3.0 protocol?
Description

QCVDS/VDS could be affected as far as the customer at client side uses SSL 3.0 or uses it at Directory side.
Cause

This vulnerability is caused by a weakness in the CBC encryption algorithm used in SSL 3.0. Since this is a protocol design weakness it could affect all flavors of SSL 3.0 implementation.
Resolution

As a workaround customer can use TLS in any or both sides to avoid this problem.
Steps required to enable TLS:
QCVDS (6.0.x):
-      Listener: go to SSL tab and select TLSv1 option.
-      Server Group: go to SSL tab and select TLSv1 option.
VDS (6.1.0):
-      Listener: go to Security tab and select only TLSv1 option.
-      Data Source: go to SSL tab and select only TLSv1 option.

Feedback submitted.

Was this article helpful?

[Select Rating]

Title