AnsweredAssumed Answered

Poodle Mitigation ?

Question asked by peter milan on Oct 25, 2014
Latest reply on Oct 25, 2014 by Dan Wilson

We are in the process of checking our domains to confirm whether POODLE is affecting any of our web sites.

 

it appears that two of them have an issue however one appears to be mitigated. I understand that this question has been asked before but I am curious as to why its reported in a diffferent manner since both Ciphers are using RC4 which is a stream cipher.

 

MITIGATED Domain A :            SSL 3  TLS_RSA_WITH_RC4_128_SHA (0x5)   No FS   RC4  128

Non-Mitigated Domain B:          SSL 3  TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4  128

 

Now the Non-Mitigated Domain also shows the following:

 

TLS_RSA_WITH_DES_CBC_SHA(0X9)   WEAK   56           <<<<<<<<<<  Is this the reason Domain B shows up as vulnerable to POODLE  ???

 

 

Assuming that the NON-Mitigated Domain B did not have TLS_RSA_WITH_DES_CBC_SHA(0X9)   WEAK   56

 

then would the presence of this (Below) classify it as Mitigated? I assume the RC4 presence saves the day here as its a stream cipher.?

Non-Mitigated Domain B:          SSL 3  TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4  128

 

I dont exactly follow

TLS_RSA_WITH_DES_CBC_SHA(0X9)   WEAK   56    is this SSL v3 Related

 

 

Also is the recommended way to remove SSLv3 support on Windows IIS servers through registry manipulation?

 

Thanks in advance for the help.

Outcomes