Follow

Poodle Fix Update Available

The official fix for SSL 3.0 vulnerability CVE-2014-3566, also known as Poodle bug, has been released for 2.4, 2.5 and 3.0 version.

In order to fix it just update your systems; where for some reason you're not able to perform an update, you can apply a manual fix as described below:

 

The following files needing modification are listed below (see this guide to learn about editing files using the CLI):

/etc/httpd/conf.d/vhosts/hotspot.conf.tmpl  (2 lines need to be modified)

/etc/httpd/conf.d/vhosts/access.conf.tmpl  (2 lines need to be modified)

/etc/httpd/conf/httpd.conf.tmpl  (1 line needs to be modified)

 

Add the following "-SSLv3" to the end of each file listed above on the line that contains "SSLProtocol all -SSLv2":

# What the line looks like before change:

SSLProtocol all -SSLv2

 

# What the line looks like after change:

SSLProtocol all -SSLv2 -SSLv3

 

Now you should restart Apache

restarthttpd -f

# If you're running the Switchboard you'll also need to restart the following;

restartaccess -f

 

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    Endian QA Team

    The official update has been released for 2.4, 2.5 and 3.0 version.