Is it possible to disable SSL v3.0 in BigFix 9.1.1117 or 9.2 relays? My security team wants me to disable it to remediate the POODLE vulnerability. The fixlets available only fix it from the OS perspective, not the BigFix Relay perspective.
These articles note the addition of TLS 1.2 and SHA256 hashing, but they don’t mention the ability to disable SSL v3.0. Does anyone know if it is possible to remediate POODLE in a Relay?
The Enhanced Security feature disables SSL3, TLS 1.0 and TLS 1.1. Further, it forces the HTTPS connection to be TLS 1.2. By default, the 9.1 and 9.2 Platform components have TLS 1.2 enabled.
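One way to check which protocol versions a listener still accepts after a change like this, as an added example that is not part of the thread and is not BigFix code: it sends a minimal ClientHello per version and reads the reply. The host and port are supplied by you, and the sample replies are constructed.

```python
import socket
import struct
import sys

VERSIONS = {"SSLv3": (3, 0), "TLSv1.0": (3, 1), "TLSv1.1": (3, 2), "TLSv1.2": (3, 3)}
# Constructed sample replies (not captured from a real relay).
SAMPLE_ALERT = bytes.fromhex("15030000020228")  # fatal alert, handshake_failure
SAMPLE_SERVER_HELLO = bytes.fromhex("160300002a020000260300") + bytes(36)

def client_hello(version):
    """Build a minimal ClientHello that offers exactly one protocol version."""
    ciphers = bytes.fromhex("002f0035000a")  # RSA with AES128-SHA, AES256-SHA, 3DES-SHA
    body = (bytes(version) + bytes(32) + b"\x00"  # version, random, empty session id
            + struct.pack("!H", len(ciphers)) + ciphers + b"\x01\x00")  # suites, null compression
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake

def server_version(reply):
    """Return the version in a ServerHello, or None for an alert, a close or anything else."""
    if len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02:
        return (reply[9], reply[10])
    return None

def probe(host, port, version, timeout=5.0):
    """True if the listener answers a ClientHello for `version` with that same version."""
    reply = b""
    # Connection errors propagate so an unreachable host is not reported as "not accepted".
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(client_hello(version))
            while len(reply) < 11:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                reply += chunk
        except OSError:
            pass  # reset or timeout: no ServerHello was received
    return server_version(reply) == version

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py HOST PORT")
    for name, ver in VERSIONS.items():
        # "not accepted" can also mean none of the three offered cipher suites is enabled.
        print(name, "accepted" if probe(sys.argv[1], int(sys.argv[2]), ver) else "not accepted")
```
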
On first read, I think I misunderstood the documentation. To have SSL v3.0 removed, the prerequisites for Enhanced Security must be met AND the entire environment must be on 9.1.x or later AND the Enhanced Security feature must be enabled.
If I understand correctly, it isn’t possible to set Enhanced Security on just certain relays. It appears to be all or nothing. Is that correct?
For all practical purposes, the POODLE attack requires a web browser in order for the attacker to manipulate the data after downgrading the connection. Relay traffic does not involve web browsers, and so relays are not susceptible to POODLE.
Of course, having said all that, disabling SSLv3 is a good idea from a security perspective; it’s just that POODLE specifically is not a factor in this case.
@ottumm linked a great resource explaining the applicability of the POODLE vulnerability.
There are many parts of an operating system that can potentially be vulnerable to a network facing attack (like POODLE). Is there a specific Red Hat application that you would like addressed? Are you referring to a port of Red Hat’s SSLv3 (POODLE) detector to a Fixlet?