
Poodle and port 8843

luc

New Pleskian
Hi,
Scenario: Plesk 12 on CentOS with nginx in a Proxmox OpenVZ container.

I applied the changes suggested by http://kb.odin.com/en/123160; afterwards I get the following response:

[root@ns403 ~]# for i in `echo 21 587 443 465 7081 8443 993 995 `; do /bin/sh /root/poodle.sh 127.0.0.1 $i; done
127.0.0.1:21 - Not vulnerable. Failed to establish SSLv3 connection.
127.0.0.1:587 - Not vulnerable. Failed to establish SSL connection.
127.0.0.1:443 - Not vulnerable. Failed to establish SSL connection.
127.0.0.1:465 - Vulnerable! SSLv3 connection established using SSLv3/ECDHE-RSA-AES256-SHA
127.0.0.1:7081 - Not vulnerable. Failed to establish SSLv3 connection.
127.0.0.1:8443 - Vulnerable! SSLv3 connection established using SSLv3/ECDHE-RSA-AES256-SHA
127.0.0.1:993 - Not vulnerable. Failed to establish SSLv3 connection.
127.0.0.1:995 - Not vulnerable. Failed to establish SSLv3 connection.

What am I missing?

Any tips?
thx
 
Hi luc,

You did nothing wrong, but you are ignoring the fact that some ciphers are defined as SSLv3 ciphers, even though they are TLSv1 ciphers.
Please use the following command to list all TLSv1 ciphers:

openssl ciphers -v 'TLSv1' | sort

You will now see that these are SSLv3 AND TLSv1 ciphers. The Poodle test script is not at all perfect and only looks for SSLv3 ciphers, as you can see in the code:
...
protocol=${3:-ssl3}
...

Please use a decent test, such as https://www.ssllabs.com/ssltest/, to be sure whether your server is vulnerable or not.
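
Added example (not part of either post above, and not the poodle.sh script from the KB article): a small shell filter that reads `openssl s_client` output and reports the protocol version that was actually negotiated, taken from the `Protocol` field of the SSL-Session block rather than from the cipher suite's label. The function names and the three transcripts are constructed for illustration and assume the output layout of OpenSSL 1.0.x.

```shell
#!/bin/sh
# Added example: classify an `openssl s_client` transcript read from stdin.

# Print the value of one "Name : value" field of the SSL-Session block.
session_field() {  # $1 = field name, $2 = transcript text
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1[[:space:]]*:[[:space:]]*\([^[:space:]]*\).*/\1/p" |
        head -n 1
}

classify_handshake() {
    transcript=$(cat)
    proto=$(session_field Protocol "$transcript")
    cipher=$(session_field Cipher "$transcript")
    # A refused handshake still prints a Protocol line; its cipher is 0000.
    case "$cipher" in
        ''|0000|'(NONE)') echo "no-handshake"; return 0 ;;
    esac
    case "$proto" in
        SSLv3) echo "sslv3-negotiated cipher=$cipher" ;;
        *)     echo "ok proto=$proto cipher=$cipher" ;;
    esac
}

# Constructed samples. Note the "New," line reads TLSv1/SSLv3 in both
# successful cases; only the Protocol field tells them apart.
sample_tls1() { cat <<'EOF'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
EOF
}
sample_ssl3() { cat <<'EOF'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
SSL-Session:
    Protocol  : SSLv3
    Cipher    : ECDHE-RSA-AES256-SHA
EOF
}
sample_refused() { cat <<'EOF'
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
EOF
}

for s in sample_tls1 sample_ssl3 sample_refused; do
    printf '%-15s %s\n' "$s" "$($s | classify_handshake)"
done
```

Against your own server, pipe the output of `openssl s_client -connect 127.0.0.1:8443 -ssl3 < /dev/null 2>&1` into `classify_handshake`; this requires an OpenSSL build that still includes SSLv3 support.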
 