[Linux-PowerEdge] Openmanage SSLv3 poodle vulnerability

Heijmans S (spir-it) Heijmans at rechtspraak.nl
Fri Oct 17 07:43:53 CDT 2014


Hi,

>> How do you stop openmanage from using insecure SSL versions such as SSLv3 following CVE-2014-3566?
On Linux OMSA 7.4.0 we did the following:

- edit /opt/dell/srvadmin/lib64/openmanage/apache-tomcat/conf/server.xml
    <Connector compression="force" SSLEnabled="true" address="*" clientAuth="false"
               keystoreFile="conf/keystore.db" keystorePass="${keystore_password}"
               keyPass="${key_password}" maxThreads="150" maxPostSize="6291456"
               port="1311" protocol="HTTP/1.1" scheme="https" secure="true"
               sslProtocol="TLS"
               ciphers="SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"/>
        * remove sslProtocol="TLS"
        * add sslEnabledProtocols = "TLSv1,TLSv1.1,TLSv1.2"
- restart services
- check with: openssl s_client -ssl3 -connect <host>:<port>

Regards,
Stefan
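
Added example, not part of the original post and not Dell's or Tomcat's own tooling: an offline audit of server.xml that reports any SSL-enabled Connector which still carries sslProtocol, lacks sslEnabledProtocols, or lists SSLv3. The function name, the INSECURE set and the two sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Protocol names that must not remain enabled after the change in the post.
INSECURE = {"SSLv2", "SSLv2Hello", "SSLv3"}

def audit_connectors(server_xml_text):
    """Return (port, finding) tuples for each SSL-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # plain HTTP/AJP connectors are out of scope
        port = conn.get("port", "?")
        if conn.get("sslProtocol") is not None:
            findings.append((port, "sslProtocol still set; the post removes it"))
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            findings.append((port, "sslEnabledProtocols not set"))
            continue
        protocols = {p.strip() for p in enabled.split(",") if p.strip()}
        if not protocols:
            findings.append((port, "sslEnabledProtocols is empty"))
        for bad in sorted(protocols & INSECURE):
            findings.append((port, "insecure protocol enabled: " + bad))
    return findings

# Constructed samples: trimmed versions of the connector quoted in the post,
# wrapped in a minimal <Server> so they parse as a whole document.
BEFORE = """<Server><Service name="Catalina">
  <Connector SSLEnabled="true" port="1311" protocol="HTTP/1.1"
             scheme="https" secure="true" sslProtocol="TLS"/>
</Service></Server>"""

AFTER = """<Server><Service name="Catalina">
  <Connector SSLEnabled="true" port="1311" protocol="HTTP/1.1"
             scheme="https" secure="true"
             sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
</Service></Server>"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_connectors(text) or "OK")
```

An empty result only shows that the file matches the edit; the openssl s_client check from the post is still what confirms the running service refuses SSLv3 after the restart.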
