AnsweredAssumed Answered

Need help with poodle vulnerability

Question asked by ptitgnu D on Dec 11, 2014
Latest reply on Dec 12, 2014 by ptitgnu D

Hi everybody,

 

I applied SSL Server Test online tool on my server.

Everything is ok except a poodle SSLv3 vulnerability, which grades my server to C.

 

In fact, SSLv3 is disabled.

But my society provides web services for users who can not understand the refused connection message generated if their browser tries a SSlv3 request.

Thus, our server is configured to catch those users and send them to a "user friendly" http page, isolated from the rest of our services, which explains how to patch their browser in order to access to our web services.

 

I think that the SSL Server Test concludes to a poodle vulnerability only because its request with SSLv3 does not receive an error response.

How can I get a A grade ? (Your tools have a strong renown for several of our partners and we would like to present report to them)

 

Thanks

Outcomes