Environment
Novell Service Desk Appliance 6.5.4, 7.0, 7.0.1, 7.0.2, 7.0.3
Situation
SSLv3 Fallback Protection “POODLE” vulnerability (CVE-2014-3566)
Severity: Medium
Version: OpenSSL 1.0.1, 1.0.0, 0.9.8
POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt cipher text using a padding oracle side-channel attack.
OpenSSL Description: "Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE."
All products using OpenSSL version 1.0.1, 1.0.0, 0.9.8 are impacted.
Severity: Medium
Version: OpenSSL 1.0.1, 1.0.0, 0.9.8
POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt cipher text using a padding oracle side-channel attack.
OpenSSL Description: "Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE."
All products using OpenSSL version 1.0.1, 1.0.0, 0.9.8 are impacted.
Resolution
By default, Novell Service Desk does not have SSL enabled. However,
if the cool solution was followed to enable SSL,
please follow the steps below to resolve the issue.
To resolve the NSD Appliance:
Edit the file nsd-ssl-vhost.conf and include SSLProtocol all -SSLv2 -SSLv3

For Linux and Windows:
Edit the file server.xml and include the following shown below:

To resolve the NSD Appliance:
Edit the file nsd-ssl-vhost.conf and include SSLProtocol all -SSLv2 -SSLv3
For Linux and Windows:
Edit the file server.xml and include the following shown below: