TIBCO BusinessEvents and POODLE Vulnerability
Article ID: KB0108129
Updated On:
| Products | Versions |
|---|---|
| DO NOT USE! - TIBCO BusinessEvents - Enterprise Edition | - |
| Not Applicable | - |
Description
TIBCO BusinessEvents has a number of security transports that utilize secure protocols such as SSLv3. The POODLE Vulnerability is addressed in TIBCO BusinessEvents 5.1.4 release onwards and there is no mitigation available in versions prior to BusinessEvents 5.1.4. The following is a list of the components affected in TIBCO BusinessEvents.
HTTP/s Channels
In order to mitigate the POODLE vulnerability, the SSLv3 protocol is disabled by default in the HTTP/s channel from the TIBCO BusinessEvents 5.1.4 release onwards. Existing projects will have to be imported into 5.1.4, manually updated, and EAR files have to be rebuilt in order to disable SSLv3. For the manual update, open the project in TIBCO BusinessEvents Studio and select the HTTP channel - Advanced Tab - and set the SSL Server Protocols field to "TLSv1,TLSv1.1,TLSv1.2". This will allow all of the TLS protocol versions and disable the SSLv3 protocol.
TIBCO BusinessEvents WebStudio
SSLv3 protocol is now disabled for the HTTP/s connections from TIBCO BusinessEvents 5.1.4 release onwards.
TIBCO BusinessEvents Views
SSLv3 protocol is now disabled for the HTTP/s connections from TIBCO BusinessEvents 5.1.4 release onwards.
Issue/Introduction
Environment
Additional Information
TIBCO BusinessEvents 5.1.4 Release Notes
TIBCO BusinessEvents Views 5.1.4 Release Notes
Feedback
