TIBCO Enterprise Administrator (TEA) / SDK and POODLE Vulnerability

Article ID: KB0108210

Products Versions
TIBCO Enterprise Administrator(TEA) SDK -
Not Applicable -

Description

The POODLE vulnerability (CVE-2014-3566) has been addressed in the latest GA release of TIBCO Enterprise Administrator (TEA) 2.1 and TIBCO Enterprise Administrator (TEA)-SDK 2.1.

The POODLE vulnerability is fixed in the Jetty httpClient/httpServer on both the TIBCO Enterprise Administrator (TEA) server side and the TIBCO Enterprise Administrator (TEA) agent side. TIBCO Enterprise Administrator (TEA) 2.1 allows end users to exclude SSL protocols.

Please refer to Configuring the TIBCO® Enterprise Administrator User's Guide -> TIBCO Enterprise Administrator Server -> SSL Properties.


1: Introduced 2 properties on TEA server side:

 Property                            Details
 tea.http.exclude.protocols          works for httpServer on TEA server
 tea.http.client.exclude.protocols   works for httpClient on TEA server



In the tea.conf of the TEA server, if 'tea.http.exclude.protocols' is NOT specified, the 'SSLv3' protocol is excluded; otherwise the configured exclude protocols are honored. If 'tea.http.exclude.protocols' is set to an empty value in tea.conf, like 'tea.http.exclude.protocols=""', the TEA server supports all protocols (including SSLv3).

2: Introduced 2 properties on TEA agent side:

 Property                                  Details
 tea.agent.http.exclude.protocols          works for httpServer on TEA agent
 tea.agent.http.client.exclude.protocols   works for httpClient on TEA agent



On the TEA agent side, if 'tea.agent.http.exclude.protocols' is NOT set (either using a system property or via the TEA Agent Server API), the 'SSLv3' protocol is excluded; otherwise the configured exclude protocols are honored. If 'tea.agent.http.exclude.protocols' is set to an empty string, NO protocols are excluded (so SSLv3 is supported).


NOTE:


1. Format of the exclude protocols string: the delimiter is a comma ',', for example:


 tea.agent.http.exclude.protocols="SSLv3,TLS1"


2. Attention:

Some versions of popular browsers may be configured to use SSLv3 as the protocol when connecting to an https server. If you have any problem accessing a secured TEA server (SSLv3 is disabled by default) via a browser, please follow the browser's user guide to configure the browser to exclude the SSLv3 protocol for https server connections.
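The exclude rules above have three states (property absent, empty, or a list), and a list that omits SSLv3 replaces the default exclusion. The following is an added example, not TIBCO code, that audits a configuration text against those rules; it assumes simple key=value lines, its function names are hypothetical, and matching only the exact token "SSLv3" is a conservative assumption.

```python
import re

# Assumed line format: key=value or key="value"; '#' and '//' start comments.
_LINE = re.compile(r'^\s*([A-Za-z0-9_.]+)\s*[=:]\s*(.*?)\s*$')

def parse_props(text):
    """Return {key: value} for every uncommented key=value line."""
    props = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", "//")):
            continue
        m = _LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2).strip().strip('"\'')
    return props

def effective_excluded(props, name):
    """Article's rule: absent -> ['SSLv3']; empty -> []; else the listed names."""
    if name not in props:
        return ["SSLv3"]
    return [p.strip() for p in props[name].split(",") if p.strip()]

def sslv3_allowed(text, name):
    """True when the effective exclude list does not contain 'SSLv3'.

    Exact-match comparison is an assumption chosen to flag misspellings
    such as 'sslv3' or 'SSL3' for manual review rather than trust them.
    """
    return "SSLv3" not in effective_excluded(parse_props(text), name)

if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real tea.conf.
    samples = {
        "property absent": "# no exclude property set\n",
        "empty value": 'tea.http.exclude.protocols=""\n',
        "list omits SSLv3": 'tea.http.exclude.protocols="TLS1"\n',
        "list has SSLv3": 'tea.http.exclude.protocols="SSLv3,TLS1"\n',
    }
    for label, text in samples.items():
        state = "ALLOWED" if sslv3_allowed(text, "tea.http.exclude.protocols") else "excluded"
        print(f"{label:18} -> SSLv3 {state}")
```

The same check applies to 'tea.agent.http.exclude.protocols' when the agent's system properties are exported in the same key=value form.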




Environment

Product: TIBCO Enterprise Administrator (TEA), TIBCO Enterprise Administrator (TEA)-SDK. Version: 2.0. OS: ALL

Issue/Introduction

TIBCO Enterprise Administrator (TEA) / SDK and POODLE Vulnerability