Hi All,
AirWave is vulnerable to the new POODLE SSL Vulnerability defined in CVE-2014-3566. In order to mitigate the vulnerability we need to disable the SSLv3 and SSLv2 Ciphers in the pound proxy configuration. This is done by doing the following. This was tested on AMP version 7.7.12.
1) Make a backup of your pound.cfg file:
cp /etc/pound.cfg /etc/pound.cfg.old
2) Edit the allowed Ciphers to remove SSLv2 and SSLv3:
sed -i 's/"DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA"/"ALL:!SSLv2:!SSLv3"/' /etc/pound.cfg
3) Restart the Pound process:
service pound restart
4) Confirm that SSLv3 is now disabled:
curl -3 amp-server-hostname > /dev/null
or
wget --sercure-protocol=SSLv3 -O /dev/null amp-server-hostname
For more information about the vulnerability checkout the openssl.org white paper
Cheers,
Aaron