Response to the OpenSSL (POODLE) Vulnerability
Last Updated: October 22, 2014
The POODLE vulnerability is described at the following URL: https://www.openssl.org/~bodo/ssl-poodle.pdf
For CA Directory, SSLv3 is supported and is controlled by a configuration setting in the default.dxc file in the DXHOME\config\ssld folder (substitute %DXHOME% for DXHOME on Windows and $DXHOME on Linux/Unix). If your configuration points at a different ssld file than default.dxc, update that file instead.
In the "set ssl = {" command, ensure the protocol line is uncommented and is set to 'tls' to exclude SSLv3 as an accepted protocol. For example:
protocol = tls
Ensure that the DSA is either restarted or initialised for the changed config to take effect.
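To confirm the edit before restarting the DSA, the following added example (not CA-supplied code) checks that the "set ssl = {" block of an ssld file contains an uncommented protocol line set to tls. It assumes '#' starts a comment in .dxc files; the sample file contents and the function name are constructed for illustration.

```python
import re
import sys

COMMENT = "#"  # assumption: '#' starts a comment in .dxc files

# Constructed sample ssld files (not shipped CA Directory configuration).
SAMPLE_BEFORE = """\
set ssl = {
    cert-dir = "config/ssld/personalities"
    # protocol = tls
};
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("# protocol", "protocol")


def ssl_protocol_status(dxc_text):
    """Classify the protocol line inside the 'set ssl = {' block.

    Returns 'ok', 'commented', 'wrong-value', 'missing' or 'no-ssl-block'.
    """
    block = re.search(r"^[ \t]*set\s+ssl\s*=\s*\{(.*?)\}", dxc_text, re.S | re.M)
    if block is None:
        return "no-ssl-block"
    active, commented = [], []
    for raw in block.group(1).splitlines():
        line = raw.strip()
        # Drop a leading comment marker and any trailing comment, then parse.
        body = line.lstrip(COMMENT).split(COMMENT, 1)[0].strip().rstrip(";").strip()
        m = re.fullmatch(r"protocol\s*=\s*(\S+)", body, re.I)
        if m:
            value = m.group(1).strip("'\"").lower()
            (commented if line.startswith(COMMENT) else active).append(value)
    if active:
        # Every uncommented protocol line must say tls for SSLv3 to be excluded.
        return "ok" if all(v == "tls" for v in active) else "wrong-value"
    return "commented" if commented else "missing"


if __name__ == "__main__":
    # Usage: python check_ssld.py <path to the ssld .dxc file in use>
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            status = ssl_protocol_status(fh.read())
    else:
        status = ssl_protocol_status(SAMPLE_BEFORE)
    print(status)
    sys.exit(0 if status == "ok" else 1)
```

Run it against whichever ssld file the DSA actually loads; any status other than "ok" means the protocol line still needs attention.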
CA Directory 12.0 SP14 CR1 (available end of October 2014) and CA Directory 12.0 SP15 will have SSLv3 disabled out of the box in the default.dxc configuration.