cancel
Showing results for 
Search instead for 
Did you mean: 

Hi,

regarding the newest vulnerability: Web Gateway 7 with an enabled SSL scanner in default configuration seems to be vulnerable too according to https://www.poodletest.com/

I changed these settings:

Policy > Settings

  • Engines > SSL Scanner > Default Certificate Verification
    • SSL Protocol version
      • SSL 3.0: off
    • Use alternative handshake settings after handshake failure: off

and the test page no longer says I am vulnerable.

Is there any official recommendation from McAfee yet?

Kind regards,

Robert

1 Solution

Accepted Solutions

Re: POODLE

Jump to solution

For questions  on POODLE, Please see:

Regards,

Joshua Madsen

Technical Support Engineer

Network Support

McAfee. Part of Intel Security.

6 Replies
Reliable Contributor frank_enser
Reliable Contributor
Report Inappropriate Content
Message 2 of 7

Re: POODLE

Jump to solution

Hi,

no official recommendations yet, but due to the fact that all SSL 3.0 enabled clients are vulnerable to MITM attacks, you should disable ssl 3.0.

Regards,

Frank

Re: POODLE

Jump to solution

I am agree with Frank.

I didn't see any recommendation connected to this.

You will have your own choice to disable it.

Re: POODLE

Jump to solution

Hi,

would the people in this thread not knowing anything official kindly refrain from posting that they do not know anything official? Thank you!

Regards,

Robert

Re: POODLE

Jump to solution

For questions  on POODLE, Please see:

Regards,

Joshua Madsen

Technical Support Engineer

Network Support

McAfee. Part of Intel Security.

Re: POODLE

Jump to solution

Hi Joshua,

thank you. I was an the right track, but did find get all the hidden gems. :-)

Kind regards,

Robert

Re: POODLE

Jump to solution

Just curious - for people that have implemented these recommendations and have disabled SSL 3.0 and created an "exceptions" list with a different SSL Scanning Engine, did it go fairly smoothly?  Or did you have to add quite a few exceptions?  I'm just curious what the potential user impact would be to disable SSL 3.0.

Thanks!

ePO Support Center Plug-in
Check out the new ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.