Description:
TIBCO BusinessEvents has a number of security transports that utilize secure protocols such as SSLv3. The POODLE Vulnerability is addressed in TIBCO BusinessEvents 5.1.4 release onwards and there is no mitigation available in versions prior to BusinessEvents 5.1.4. The following is a list of the components affected in TIBCO BusinessEvents.

HTTP/s Channels

In order to mitigate the POODLE vulnerability, the SSLv3 protocol is disabled by default in the HTTP/s channel from the TIBCO BusinessEvents 5.1.4 release onwards. Existing projects will have to be imported into 5.1.4, manually updated, and EAR files have to be rebuilt in order to disable SSLv3. For the manual update, open the project in TIBCO BusinessEvents Studio and select the HTTP channel - Advanced Tab - and set the SSL Server Protocols field to "TLSv1,TLSv1.1,TLSv1.2". This will allow all of the TLS protocol versions and disable the SSLv3 protocol.

TIBCO BusinessEvents WebStudio

SSLv3 protocol is now disabled for the HTTP/s connections from TIBCO BusinessEvents 5.1.4 release onwards.

TIBCO BusinessEvents Views

SSLv3 protocol is now disabled for the HTTP/s connections from TIBCO BusinessEvents 5.1.4 release onwards.

TIBCO BusinessEvents 5.1.4 Release Notes

TIBCO BusinessEvents Views 5.1.4 Release Notes