Poodle

A vulnerability was recently exposed in a protocol that secures web pages in HTTPS mode. When users on your website view pages in HTTPS mode, a number of underlying technologies encrypt the data and keep it secure. A vulnerability in one of those technologies (SSL 3.0) was recently publicized by Google under the codename “POODLE”. This vulnerability is serious enough to compromise the security of your HTTPS pages.

If you have not already fixed this, your server is almost certainly vulnerable. It is also possible that your server is configured to allow the SSL 2.0 protocol, which had a publicized vulnerability of its own a while ago.

There is a tester you can run here: https://www.poodlescan.com/

In order to fix it on a Windows server running IIS, I recommend using the IIS Crypto utility, which is a free utility put out by NARTAC Software here.

Apply the following settings and then reboot:

[Image: crypto]
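For servers where you want to check or script the change, the following added example (not the author's code, and not a copy of the IIS Crypto settings shown in the post) reports and optionally disables SSL 2.0 and SSL 3.0 for the server role. It assumes the standard Schannel `Enabled` and `DisabledByDefault` registry values under `SCHANNEL\Protocols` and an elevated PowerShell session; the function names are hypothetical.

```powershell
# Added example: audit, and with -Apply disable, SSL 2.0 / SSL 3.0 in Schannel.
# Without -Apply the script only reports the current state.
param([switch]$Apply)

$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0'

function Get-ProtocolState {
    param([string]$Protocol, [string]$Role = 'Server')
    $key   = Join-Path $base "$Protocol\$Role"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Protocol          = $Protocol
        Role              = $Role
        KeyExists         = [bool]$props
        Enabled           = $props.Enabled            # $null: no explicit setting, OS default applies
        DisabledByDefault = $props.DisabledByDefault
        # Only an explicit Enabled = 0 counts as disabled here
        ExplicitlyOff     = ($null -ne $props.Enabled -and $props.Enabled -eq 0)
    }
}

function Disable-Protocol {
    param([string]$Protocol, [string]$Role = 'Server')
    $key = Join-Path $base "$Protocol\$Role"
    # Create the key only if missing, so existing values are not wiped
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name Enabled -Value 0 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name DisabledByDefault -Value 1 -PropertyType DWord -Force | Out-Null
}

$report = foreach ($p in $protocols) {
    if ($Apply) { Disable-Protocol -Protocol $p }
    Get-ProtocolState -Protocol $p
}
$report | Format-Table -AutoSize

if ($Apply) {
    Write-Warning 'Reboot the server for the Schannel changes to take effect.'
} elseif ($report | Where-Object { -not $_.ExplicitlyOff }) {
    Write-Warning 'SSL 2.0 and/or SSL 3.0 is not explicitly disabled for the server role.'
}
```

After the reboot, re-run the script without `-Apply` and repeat the external test to confirm the server no longer negotiates SSL 3.0.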

Author: Dan Persson

As the VP of Technology, Dan leads the MedTouch Product Team and is responsible for our healthcare modules for Sitecore as well as serving as a technical consultant to key clients. Dan has 15 years of experience with a variety of Content Management Software (CMS) tools and was instrumental in building the MedTouch Healthcare Accelerator Framework. He served as Technical Lead on several MedTouch award-winning sites, including The University of Kansas Hospital (Sitecore Healthcare Site of the Year Winner), Drexel Medicine (Interactive Media Awards, Hospital Best in Class 2012) and Providence Health & Services. Dan is a long-standing Sitecore certified developer and graduated from the University of Massachusetts, Amherst, with a B.S. in Computer Science.
