Protecting TIBCO LogLogic Log Management Intelligence and TIBCO LogLogic Enterprise Virtual Appliance from POODLE

Article ID: KB0108203

Products | Versions
TIBCO LogLogic Enterprise Virtual Appliance | -
Not Applicable | -

Description:
The recently discovered POODLE issue with SSL 3.0 (CVE-2014-3566), detailed at https://www.openssl.org/news/secadv_20141015.txt, allows a man-in-the-middle attacker to decrypt ciphertext using a padding-oracle side channel. Transport Layer Security (TLS), the newer protocol, is not affected by POODLE.

All versions of TIBCO LogLogic(R) Log Management Intelligence and TIBCO LogLogic(R) Enterprise Virtual Appliance use OpenSSL for SSL and TLS encryption. Since SSL 3.0 is affected by POODLE as noted above, we recommend configuring LogLogic Log Management Intelligence and LogLogic Enterprise Virtual Appliance so that SSL 3.0 is not used for any HTTPS or WSS connection.
To disable SSL 3.0 in TIBCO LogLogic Log Management Intelligence (all LX, ST, and MX models) and TIBCO LogLogic Enterprise Virtual Appliance, versions 5.4.X and 5.5.0, please follow the steps below; for older versions please contact Support.

1. Log in to the LogLogic system as root (login name "toor").

2. Edit the web server configuration file /loglogic/tomcat/conf/server.xml and change every line that defines "sslProtocol" from this:
sslProtocol="TLS"
to this:
sslProtocol="TLS" protocols="TLSv1, TLSv1.1, TLSv1.2"
The two attributes may be placed on one line (as shown) or on two lines; either works.

3. For the change to take effect, the Tomcat server must be restarted manually. The best way to do this is to type the following commands at the shell prompt:
$ mtask -s engine_tomcat stop
$ mtask -s engine_tomcat start

4. Confirm that the change has taken effect and that the vulnerability is blocked by typing the following command at the shell prompt:
openssl s_client -connect "127.0.0.1:443" -ssl3
A local check (as shown) is sufficient, but you may adapt these instructions to check from another appliance if desired.
If the change has taken effect, you will see only the following error:
CONNECTED(00000003)
21442:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:281:

Otherwise you will see a long page of information, including the line:
Protocol  : SSLv3


To return to the shell prompt, type "q" or Ctrl-C.
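
As an added example (not part of the TIBCO article or the LogLogic product), the following Python script automates the two checks from steps 2 and 4: it audits a server.xml for SSL-enabled connectors that still lack the "protocols" attribute, and it classifies the output of the openssl s_client -ssl3 probe. The server.xml and the s_client excerpts are constructed samples, not captured from an appliance.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml: one plain HTTP connector, one HTTPS connector
# still on the default (step 2 not yet applied), one already restricted to TLS.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" protocols="TLSv1, TLSv1.1, TLSv1.2"/>
  </Service>
</Server>"""

def sslv3_exposed_connectors(server_xml):
    """Return [(port, reason)] for each SSL-enabled Connector whose 'protocols'
    attribute is missing or still names an SSL version."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "sslProtocol" not in conn.attrib and conn.get("SSLEnabled", "").lower() != "true":
            continue  # plain HTTP or AJP connector: no TLS stack involved
        port = conn.get("port", "?")
        protos = conn.get("protocols")
        if protos is None:
            findings.append((port, "no 'protocols' attribute"))
            continue
        enabled = [p.strip() for p in protos.split(",") if p.strip()]
        if any(p.upper() in ("SSLV2", "SSLV3") for p in enabled):
            findings.append((port, "protocols still lists an SSL version: " + protos))
    return findings

# Constructed excerpts of `openssl s_client -connect 127.0.0.1:443 -ssl3` output:
# the blocked case from step 4, and a server that still negotiates SSLv3.
BLOCKED_OUTPUT = """CONNECTED(00000003)
21442:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:281:
"""
EXPOSED_OUTPUT = """CONNECTED(00000003)
---
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA
"""

def sslv3_accepted(s_client_output):
    """True when the -ssl3 probe completed a handshake, i.e. SSL 3.0 is still enabled."""
    lines = [l.strip() for l in s_client_output.splitlines()]
    proto_ok = any(l.startswith("Protocol") and l.endswith("SSLv3") for l in lines)
    no_cipher = any(l.startswith("Cipher") and l.endswith("0000") for l in lines)
    return proto_ok and not no_cipher

if __name__ == "__main__":
    for port, reason in sslv3_exposed_connectors(SAMPLE_SERVER_XML):
        print(f"connector on port {port}: {reason}")
    print("SSLv3 accepted (blocked sample):", sslv3_accepted(BLOCKED_OUTPUT))
    print("SSLv3 accepted (exposed sample):", sslv3_accepted(EXPOSED_OUTPUT))
```

To use it against a real appliance, pipe the actual server.xml and the actual s_client output into the two functions instead of the constructed samples.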

Environment

Product versions affected: LMI (ST, LX, MX) v5.4.x, 5.5.0, 5.5.1; EVA v5.4.x, 5.5.0, 5.5.1
Vulnerability fixed: CVE-2014-3566 (LLCE-902)
