
Issue 17.5.3 Poodle

Adam H.

New Pleskian
Hi,

I am running 17.5.3 and I have run the sslv3 disable script on my instance.

Running the poodle.sh script on my box. It is reporting all ports as being not vulnerable. Failed to establish SSLv3 connection.

From the outside I am seeing that I am having issues with POODLE on port 8443.

Can anyone help me out?

Thanks
Adam
 
Sorry, but there is no specific information.

1. What's the "sslv3 disable script"?
2. What is "poodle.sh"?
3. "From the outside I am seeing ..." - how exactly do you see it?
 
I have forwarded this issue to the responsible person for further investigation.
I will update the thread with results as soon as I receive them.
Thanks.
 
BTW, have you tried just

# plesk bin server_pref --update -ssl-protocols 'TLSv1 TLSv1.1 TLSv1.2'

Does it help?
 
I ran the above command. The command completed cleanly.

It is still failing and 2 external sites are reporting that the server is still running SSLv3 and vulnerable to POODLE.

The funny thing is that it was patched again this morning and it is still having issues. It is only showing up on port 8443. The rest of the sites running under the VPS are passing the tests. These are being hosted with Network Solutions.
 
Quick question - In a hosted environment, would I have access to manage port 8443? Would all Network Solutions customers be vulnerable to POODLE, or am I just doing something wrong?
 
Quick question - In a hosted environment, would I have access to manage port 8443? Would all Network Solutions customers be vulnerable to POODLE, or am I just doing something wrong?
Sorry, but I don't understand the question very well. Who will be vulnerable if the server supports SSLv3 on port 8443?
Only web clients (browsers) that also support SSLv3 and connect to port 8443.
Those who connect to ports 80 and 443 will not be subject to attack.
Modern browsers will not be attacked in any way, even when they connect to port 8443.

Regarding your initial issue, I'd strongly recommend you contact Plesk Support Team for investigation directly on your server.
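
A check for the question raised in this thread, added here as an example (it is not part of the original posts, and it is not the poodle.sh script or Plesk code): it sends a bare SSLv3 ClientHello to port 8443 over a raw socket and classifies the first reply, so the result does not depend on whether the local OpenSSL build can still speak SSLv3. The function names and the cipher suite list are assumptions made for this example.

```python
import os
import socket
import struct
import sys

# Assumed suite list: RSA key-exchange CBC and RC4 suites that exist in SSLv3.
SUITES = [0x002F, 0x0035, 0x000A, 0x0005, 0x0004]

def build_sslv3_client_hello(random_bytes=None):
    """Return one SSLv3 record carrying a ClientHello with no extensions."""
    random_bytes = random_bytes or os.urandom(32)
    body = (b"\x03\x00" + random_bytes + b"\x00"          # version, random, empty session id
            + struct.pack(">H", 2 * len(SUITES))
            + b"".join(struct.pack(">H", s) for s in SUITES)
            + b"\x01\x00")                                # one compression method: null
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16\x03\x00" + struct.pack(">H", len(handshake)) + handshake

def classify_reply(data):
    """Classify the first bytes the server sent back."""
    if len(data) < 5:
        return "closed"            # dropped without sending a full record header
    if data[0] == 0x15:
        return "rejected"          # alert record: SSLv3 refused for the offered suites
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x02:
        return "sslv3-accepted" if data[9:11] == b"\x03\x00" else "other-version"
    return "unknown"

def probe(host, port=8443, timeout=5.0):
    """Send the ClientHello and classify the reply; connection errors propagate."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sslv3_client_hello())
        try:
            while len(data) < 11:  # record header + handshake header + server_version
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:            # timeout or reset while waiting for the reply
            pass
    return classify_reply(data)

if __name__ == "__main__":
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 8443))
```

A result of "sslv3-accepted" on 8443 alongside "rejected" on 443 means the two ports are served with different protocol settings.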
 