Poodle Vulnerability Found in TLS1.2

mtessier_
Frequent Contributor

Poodle Vulnerability Found in TLS1.2

Just got an email about this.

https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls

 

I'm concerned that this vulnerability may require a client side patch to browsers as well since TLS 1.2 seems to be the latest version available in IE, Safari and Chrome.

13 REPLIES 13
Niol_
Contributor

Re: Poodle Vulnerability Found in TLS1.2

Qualys SSLLabs reports 7.4R13.2 as vulnerable on SA6500 but on MAG-4610 !!

mtessier_
Frequent Contributor

Re: Poodle Vulnerability Found in TLS1.2

SSL Labs / Qualys reported 8.0R6 (build 32195) as vulnerable as well.

JB3_
New Contributor

Re: Poodle Vulnerability Found in TLS1.2

Looks like TLS 1.2 is going to be a requirement going forward. However, I'm not aware of an option on the IVE to disable TLS 1.0 & 1.1. This is going to take a firmware update.


Kita_
Valued Contributor

Re: Poodle Vulnerability Found in TLS1.2

Are you failing on both SSLv3 and TLS?  I've tested against 7.4R10 and 8.0R6 and they all pass the TLS Poodle check.

flip_pipe_
Frequent Contributor

Re: Poodle Vulnerability Found in TLS1.2

Hi Kita,

 

With 8.0R6 I get

 

POODLE (SSLv3) No, SSL 3 not supported (more info)
POODLE (TLS) Vulnerable   INSECURE (more info)
Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported (more info)

 

Regards

Kita_
Valued Contributor

Re: Poodle Vulnerability Found in TLS1.2

Do you have a case open that you can send me your system and user configuration?  I have not been able to replicate the issue so far and this may be a specific setting on your device.

mtessier_
Frequent Contributor

Re: Poodle Vulnerability Found in TLS1.2

Kita, I have the same result as flip_pipe.

 

I've uploaded a config and SSL Labs scan to case 2014-1208-0983.

 

NatashaW_
Contributor

Re: Poodle Vulnerability Found in TLS1.2

Hi Guys,

 

Scan failed for me too on 8.0R6 - https://www.ssllabs.com/ssltest

 

'This server is vulnerable to the POODLE attack against TLS servers. Patching required. Grade set to F.

 

Any news from Juniper on this?

 

Thanks

 

Natasha

flip_pipe_
Frequent Contributor

Re: Poodle Vulnerability Found in TLS1.2

Hi,

 

Juniper has this TSB16579. It seems the "problem" is in the hardware acceleration card.

 

Regards,