How to verify POODLE vulnerability after installing the TRA 5.7.4_HF-003 OR TRA 5.9 (HF 4) + BW 5.12


Article ID: KB0092592


Products: TIBCO ActiveMatrix BusinessWorks
Versions: Not Applicable

Description

These steps were written for an AIX (IBM) installation; the same steps apply to Windows and Linux boxes. OpenSSL is required for the verification. Binaries can be downloaded from https://www.openssl.org/related/binaries.html


Install OpenSSL and run a server that accepts SSLv3 only.

======================================


1). Install OpenSSL (it can be on any machine, for example a Windows box).

2). Download the attached dummy certificates (password: root) (Filename: simple_client_project.zip).

3). Run the following OpenSSL command. It starts a server that accepts only SSLv3 (the OpenSSL build must still include SSLv3 support; recent OpenSSL releases disable it by default).


openssl s_server -accept 8443 -key C:\temp\mycerts\root.key -cert C:\temp\mycerts\root.crt -ssl3 -debug


Run the sample BW project to test

==========================


4). Go to the AIX box where the security provider is set to "ibm". On Windows and Linux it could be "j2se" or "entrust".

5). Run the attached project with the properties file. Don't forget to change the host name before running the project; use Designer to change it.


./bwengine -p properties.cfg /opt/bw/simple_client


properties.cfg file content

===================

Trace.Task.*=true

java.property.TIBCO_SECURITY_VENDOR=ibm

java.property.com.tibco.security.ssl.client.EnableSSLv3=true

java.property.com.tibco.security.ssl.server.EnableSSLv3=true


6). The project console should show the following message:


2015 Apr 14 12:48:17:749 GMT -0700 BW.aixqa02.na.tibco.com Debug [BW-User]  from com.tibco.plugin.http.client.HttpRequestActivity for [Client.process/Send HTTP Request] Sending an HTTP request to: https://10.108.64.220:8443

Persistent Connection Manager is Disabled

Persistent Connection Manager is Disabled

2015 Apr 14 12:48:18:496 GMT -0700 BW.aixqa02.na.tibco.com Debug [BW-Core]  <= Client.process/Send HTTP Request.eval(Job-12000) returned STAY_HERE


7). Remove the two "EnableSSLv3" properties and run the same test again. It should now show the following message:


javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.


If the sample project does not behave as expected, there is a problem with the environment.

If the sample project works, the problem lies in the application configuration.
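To make steps 5 to 7 repeatable across many engines, the following added Python script (not part of this KB article or of TIBCO's tooling) audits a properties.cfg for the two EnableSSLv3 switches, produces the hardened copy with those lines removed, and classifies captured engine console output by the two messages quoted in steps 6 and 7. The property names and console messages come from this article; the embedded properties text and console lines are constructed sample inputs, and the function names are my own.

```python
import re
from typing import Dict, List, Tuple

# Property names quoted in this article (client/server SSLv3 switches for TRA/BW).
SSLV3_PROPERTIES = (
    "java.property.com.tibco.security.ssl.client.EnableSSLv3",
    "java.property.com.tibco.security.ssl.server.EnableSSLv3",
)

# Exception text quoted in step 7: the client refused the server's choice of SSLv3.
SSLV3_REJECTED_MARKER = (
    "Server chose SSLv3, but that protocol version is not enabled "
    "or not supported by the client"
)
# Debug line quoted in step 6: the request went out to the SSLv3-only server.
REQUEST_SENT_RE = re.compile(r"Sending an HTTP request to: (https://\S+)")

# Constructed sample: the weak properties.cfg from step 5 of the article.
WEAK_CFG = """\
# properties.cfg (sample, constructed for this example)
Trace.Task.*=true
java.property.TIBCO_SECURITY_VENDOR=ibm
java.property.com.tibco.security.ssl.client.EnableSSLv3=true
java.property.com.tibco.security.ssl.server.EnableSSLv3=true
"""

# Constructed sample console output for steps 6 and 7 (host/IP values are placeholders).
CONSOLE_STEP6 = [
    "2015 Apr 14 12:48:17:749 GMT -0700 BW.host.example Debug [BW-User]  from "
    "com.tibco.plugin.http.client.HttpRequestActivity for [Client.process/Send HTTP Request] "
    "Sending an HTTP request to: https://192.0.2.10:8443",
    "Persistent Connection Manager is Disabled",
    "2015 Apr 14 12:48:18:496 GMT -0700 BW.host.example Debug [BW-Core]  "
    "<= Client.process/Send HTTP Request.eval(Job-12000) returned STAY_HERE",
]
CONSOLE_STEP7 = [
    "javax.net.ssl.SSLHandshakeException: " + SSLV3_REJECTED_MARKER + ".",
]


def parse_properties(text: str) -> Dict[str, str]:
    """Parse Java-style properties: key=value or key:value, '#'/'!' comments, blank lines."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def audit_sslv3(text: str) -> List[Tuple[str, str]]:
    """Return (property, value) for every SSLv3 switch that is explicitly set to true."""
    props = parse_properties(text)
    return [(k, props[k]) for k in SSLV3_PROPERTIES if props.get(k, "").lower() == "true"]


def hardened(text: str) -> str:
    """Return the properties text with the EnableSSLv3 lines removed (what step 7 asks for)."""
    keep = [
        ln for ln in text.splitlines()
        if not any(ln.strip().startswith(k) for k in SSLV3_PROPERTIES)
    ]
    return "\n".join(keep) + "\n"


def classify_console(lines: List[str]) -> str:
    """Classify engine console output from a run against the SSLv3-only openssl s_server.

    'sslv3-rejected': the step-7 handshake exception is present (client refuses SSLv3).
    'sslv3-accepted': the request was sent and no handshake exception appeared (step 6).
    'inconclusive'  : neither marker was seen.
    """
    joined = "\n".join(lines)
    if SSLV3_REJECTED_MARKER in joined:
        return "sslv3-rejected"
    if REQUEST_SENT_RE.search(joined) and "SSLHandshakeException" not in joined:
        return "sslv3-accepted"
    return "inconclusive"


if __name__ == "__main__":
    print("weak cfg enables:", audit_sslv3(WEAK_CFG))
    print("hardened cfg enables:", audit_sslv3(hardened(WEAK_CFG)))
    print("step 6 console:", classify_console(CONSOLE_STEP6))
    print("step 7 console:", classify_console(CONSOLE_STEP7))
```

Run it against a real properties.cfg by reading the file into `audit_sslv3`, and feed it the engine's console log to confirm that, with the properties removed, the result is "sslv3-rejected" rather than "sslv3-accepted".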

Issue/Introduction

How to verify POODLE vulnerability after installing the TRA 5.7.4_HF-003 OR TRA 5.9 (HF 4) + BW 5.12

Resolution

Please follow the steps described in the Description section.

Additional Information

https://www.openssl.org/related/binaries.html

Attachments

How to verify POODLE vulnerability after installing the TRA 5.7.4_HF-003 OR TRA 5.9 (HF 4) + BW 5.12