security - Is the HTTPS protocol affected by the Poodle SSLv3 attack? -
we have iplanet webserver communicates weblogic(app server) on non-ssl (http) port. not using https in weblogic , webservers , app servers behind firewall. certificate installed on weblog server instances don't utilize https port. iplanet web server running on https ports , behind load balancer.
lb (httpswebserver (http) weblogic traffic flow. no traffic straight comes web server or weblogic.
for poodle remediation, still need disable sslv3 web server , app server?
looks terminating ssl (or https) traffic @ webserver. there 2 parts:
lb webserver (https traffic): disable sslv3 on webserver. https means http tunneled on ssl protocol. impacted. webserver weblogic (http traffic) : here. security ssl weblogic weblogic11g poodle-attack
No comments:
Post a Comment