Fixing the POODLE (SSLv3) vulnerability (ZCS 8.0.x, ZCS 8.x)


Yesterday Google engineers published about one vulnerability in SSLv3 called POODLE (Padding Oracle On Downgraded Legacy Encryption). In words of Google, you can click in the Image for view the entire Google PDF about the issue:

 "SSL 3.0 is nearly 18 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue."

 

The Zimbra team was working hard yesterday after the Google announcement, and we wrote a Wiki Page for Fix this issue in Zimbra Collaboration 8.0.x and 8.x. The Wiki page is in constant evolution and we will provide more information or steps, when we will test it before. Please, click here to go to the Wiki Page.

Login to post a comment
Supported By Jabetto