How to address SSL 3.0 Poodle vulnerability

Document created by botan02 on Dec 30, 2014
Version 1Show Document
  • View in full screen mode

The web components (WAC and PM) run under the same instance of tomcat and the primary entry point is IIS (on Windows) or Apache webserver (on Linux) which redirects the requests to Tomcat instance. To support HTTPS (HTTP over SSL) we recommend to configure IIS or Apache webserver with SSL or TLS.
The configuration of the webservers (IIS or Apache webserver) for SSL/TLS is not done by the ITCM installer, but we recommend customers to do by themselves.

   

If HTTPS is used then to avoid Poodle vulnerability following are the recommendations:

 

1. Configure the webserver with latest version of TLS instead of SSL. Please refer to the OS and webserver documentation/help for setting up of TLS.

2.  The browser used to access the websites should disable SSL and enable latest versions of TLS.

Please refer to the browser documentation/help for disabling SSL and enabling TLS.

Attachments

    Outcomes