16.10 The POODLE Security Vulnerability

LDAPS in eDirectory allows SSLv3 for secure communication, and SSLv3 has a protocol vulnerability, tracked as CVE-2014-3566. Disable SSLv3 to prevent the POODLE security vulnerability.

SSLv3 can be disabled by either of the following methods:

  • To disable SSLv3 through iManager, do the following:

    1. Log in to iManager as an administrator.

    2. In the Roles and Tasks pane, click Directory Administration > Modify Object.

      The Modify Object page is displayed.

    3. Click the icon to select the LDAP server object, then click OK.

      The Modify Object configuration page is displayed.

    4. Go to the General > Connections property tab.

    5. In the Transport Layer Security (TLS/SSL) section, select the Disable SSLv3 option.

    6. Click Apply and then click OK.

  • SSLv3 can also be disabled through LDAP. To disable SSLv3, set the ldapBindRestrictions attribute on the LDAP server object to 128. For example, if the current value is 49, replace the value with 128.

NOTE: This SSLv3 configuration should be done on each LDAP server object.
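
To confirm the setting took effect on each LDAP server, the following added example (not part of the product documentation) offers an SSLv3-only ClientHello to the LDAPS listener and reports whether the server answers with a ServerHello or refuses. The host name passed on the command line and the default port 636 are assumptions; substitute the values for your servers.

```python
import os
import socket
import struct
import sys

SSL3 = b"\x03\x00"  # protocol version 3.0 = SSLv3
# Cipher suites that exist in SSLv3: AES128-SHA, AES256-SHA, 3DES-SHA, RC4-SHA
SUITES = b"\x00\x2f\x00\x35\x00\x0a\x00\x05"

def build_client_hello() -> bytes:
    """Return one SSLv3 record carrying a minimal ClientHello."""
    body = (SSL3 + os.urandom(32)               # client_version, random
            + b"\x00"                            # empty session_id
            + struct.pack("!H", len(SUITES)) + SUITES
            + b"\x01\x00")                       # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify(reply: bytes) -> str:
    """Interpret the first bytes the server sent back."""
    if not reply or reply[0] == 0x15:           # connection closed, or alert record
        return "refused"
    if (len(reply) >= 6 and reply[0] == 0x16
            and reply[1:3] == SSL3 and reply[5] == 0x02):
        return "accepted"                        # ServerHello at version 3.0
    return "unknown"

def probe(host: str, port: int = 636, timeout: float = 5.0) -> str:
    """Offer SSLv3 only and report how the LDAPS listener answers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        reply = b""
        try:
            while len(reply) < 6:                # record header + handshake type
                chunk = sock.recv(6 - len(reply))
                if not chunk:
                    break
                reply += chunk
        except ConnectionResetError:
            return "refused"
    return classify(reply)

if __name__ == "__main__":
    # Usage: python check_sslv3.py <ldap-server-host>
    print(probe(sys.argv[1]))
```

A result of "refused" means the listener no longer negotiates SSLv3; "accepted" means the change has not been applied on that server object.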