Just got an email about this.
I'm concerned that this vulnerability may require a client side patch to browsers as well since TLS 1.2 seems to be the latest version available in IE, Safari and Chrome.
Qualys SSLLabs reports 7.4R13.2 as vulnerable on SA6500 but on MAG-4610 !!
SSL Labs / Qualys reported 8.0R6 (build 32195) as vulnerable as well.
Looks like TLS 1.2 is going to be a requirement going forward. However, I'm not aware of an option on the IVE to disable TLS 1.0 & 1.1. This is going to take a firmware update.
Are you failing on both SSLv3 and TLS? I've tested against 7.4R10 and 8.0R6 and they all pass the TLS Poodle check.
Do you have a case open that you can send me your system and user configuration? I have not been able to replicate the issue so far and this may be specific setting on your device.
Kita, I have the same result as flip_pipe.
I've uploaded a config and SSL Labs scan to case 2014-1208-0983.
Scan failed for me too on 8.0R6 - https://www.ssllabs.com/ssltest
'This server is vulnerable to the POODLE attack against TLS servers. Patching required. Grade set to F.
Any news from Juniper on this?
Juniper has this TSB16579. It seems the "problem" is in the hardware acceleration card.