SteelApp not vulnerable to POODLE 2.0 (CVE-2014-8730)
Since the previous article on disabling SSL v3.0 for SteelApp (/t5/SteelApp-Docs/Disabling-SSL-v3-0-for-SteelApp/ta-p/73982), security researchers have determined that TLS 1.x, including TLS 1.2, may also be vulnerable to POODLE-type attacks if an incorrect padding check is used. However, SteelApp is not vulnerable to this latest issue (CVE-2014-8730), because its TLS stack performs the complete padding checks required by TLS.
The original POODLE vulnerability only applies to SSLv3 (ProtocolVersion.major = 3 and ProtocolVersion.minor = 0 in the ClientHello and ServerHello) and is a protocol-level weakness. It therefore affects all implementations of SSLv3, including that of SteelApp traffic manager.
POODLE 2.0 is not a protocol-level weakness, but a bug in certain implementations of TLS 1.0 through TLS 1.2 (ProtocolVersion.major = 3 and ProtocolVersion.minor = 1, 2 or 3). SteelApp traffic manager's TLS implementation does all the proper checks in all TLS versions (1.0 - 1.2) and is therefore not affected by POODLE 2.0.
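
The difference between an incomplete and a complete CBC padding check, as an added example (this is not SteelApp code). The function names, the 20-byte MAC length, the record layout helper and the sample bytes are assumptions made for illustration; the rule that every padding byte must equal the padding length comes from the TLS specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 20      /* assumption: HMAC-SHA1 cipher suite */
#define CONTENT_LEN 4   /* constructed sample payload size */

uint8_t sample[64];     /* constructed decrypted record, filled by make_record() */

/* SSLv3-style check: only the trailing length byte is examined, the
 * padding bytes themselves are ignored. Applied to TLS 1.x, this is the
 * incorrect check described above. Returns 1 = accept, 0 = reject. */
int lax_padding_ok(const uint8_t *rec, size_t len)
{
    if (len < MAC_LEN + 1) return 0;
    size_t pad = rec[len - 1];
    return pad + 1 + MAC_LEN <= len;
}

/* TLS 1.x check: each padding byte must equal the padding length.
 * Mismatches are accumulated instead of returning on the first one. */
int tls_padding_ok(const uint8_t *rec, size_t len)
{
    if (len < MAC_LEN + 1) return 0;
    size_t pad = rec[len - 1];
    if (pad + 1 + MAC_LEN > len) return 0;
    uint8_t diff = 0;
    for (size_t i = 0; i < pad; i++)
        diff |= (uint8_t)(rec[len - 2 - i] ^ pad);
    return diff == 0;
}

/* Layout: content | MAC placeholder | pad bytes (fill) | length byte. */
size_t make_record(uint8_t *out, uint8_t pad, uint8_t fill)
{
    memset(out, 0x00, CONTENT_LEN);
    memset(out + CONTENT_LEN, 0xAA, MAC_LEN);   /* not a real MAC */
    memset(out + CONTENT_LEN + MAC_LEN, fill, pad);
    out[CONTENT_LEN + MAC_LEN + pad] = pad;
    return CONTENT_LEN + MAC_LEN + (size_t)pad + 1;
}

int main(void)
{
    size_t n = make_record(sample, 7, 7);       /* well-formed TLS padding */
    printf("valid:     lax=%d tls=%d\n", lax_padding_ok(sample, n), tls_padding_ok(sample, n));
    n = make_record(sample, 7, 0x5C);           /* arbitrary padding bytes */
    printf("arbitrary: lax=%d tls=%d\n", lax_padding_ok(sample, n), tls_padding_ok(sample, n));
    return 0;
}
```

A production TLS stack also has to keep the timing of the padding and MAC checks independent of the padding value, which this sketch does not attempt.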