The Poodle SSLv3 vulnerability and its impact on iPrint

  • 7015854
  • 31-Oct-2014
  • 10-Dec-2014


Novell iPrint for Linux
  • iPrint on OES
  • iPrint Appliance


SSLv3 contains a vulnerability.  To understand that vulnerability, see the following documents:

An explanation on the subject can be found here :
Understanding POODLE

The default iPrint configuration for OES and the iPrint Appliance is affected by this vulnerability.


Note: These steps are the same for iPrint on OES and the iPrint Appliance.
iPrint Server: Configure iPrint to not be subject to the SSLv3 vulnerability.

1. Edit the /etc/opt/novell/iprint/httpd/conf/iprint_g.conf
Find the following section within the iprint_g.conf:
SSLEngine Optional
SSLCertificateFile /etc/ssl/servercerts/servercert.pem
SSLCertificateKeyFile /etc/ssl/servercerts/serverkey.pem

Note: Depending on the version of iPrint there may be additional lines within this section of the iprint_g.conf.  Those additional lines will be remarked (preceded with a #).  Those remarked lines can stay in this section.
Modify this section of the iprint_g.conf to appear as follows:
SSLEngine Optional
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/ssl/servercerts/servercert.pem
SSLCertificateKeyFile /etc/ssl/servercerts/serverkey.pem

2. Restart Apache
rcapache2 restart

iPrint Remote Renderer
The iPrint Remote Renderer has the option to connect to the iPrint Appliance server via SSL. To protect iPrint Remote Renderer on the Windows machine in those situations, see section 'Disable SSL 3.0 in Windows' from the following Microsoft Security Advisory: 3009008.