AnsweredAssumed Answered

Poodle TLS but running latest openssl from RH

Question asked by Sunil Vakharia on Apr 5, 2017
Latest reply on Apr 13, 2017 by Sunil Vakharia

Hi,

I am struggling somewhat to understand why SSL labs is highlighting one of our servers having the POODLE TLS vulnerability.

The server runs RHEL 5.11 and has the latest openSSL available via RH updates.

 

 

As per Redhat, CVE-2014-8730 - Red Hat Customer Portal , I see that the server is not vulnerable.

Is there some way to validate if the site is vulnerable?

 

There is an F5 load balancer in front which does SSL-passthrough. That F5 is also not vulnerable since it has a version which is not affected by this bug.

Outcomes