SSL v3.0 Vulnerability -- POODLE (2016)

Document created by Terese_Baker Employee on Jun 5, 2015Last modified by mike_aronson on Mar 20, 2017
Version 4Show Document
  • View in full screen mode
Poodle is a vulnerability targeted at browsers.  Those browsers must have JavaScript enabled (almost everyone does).  It also requires the attacker to have access to the network between the browser and the web server.   As such, customers have the ability to mitigate this by editing their browser settings to turn off SSLv3.0 and use only TLS1.0 or better. All browsers should connect using the TLS protocol.  Dell Boomi has disabled SSLv3 on all of our sites and only operates via TLS1.0 & TLS1.2 on all of our connection points.
Poodle is a vulnerability targeted at browsers.  Those browsers must have JavaScript enabled (almost everyone does).  It also requires the attacker to have access to the network between the browser and the web server.   As such, customers have the ability to mitigate this now by editing their browser settings to turn off SSLv3.0 and use only TLS1.0 or better. This should be done immediately, once this is completed browsers should connect using the TLS protocol.

 

For SSLv3.0 "Poodle" vulnerability (CVE-2014-3566), to ensure our customers’ security, Dell Boomi has enabled TLSv1.0 and TLSv1.2 protocols on our connections and has recommended that users disable SSLv3.0 from their browsers.

 

*Important*: Customers with third-party client software that connects inbound to our cloud will need to verify that those clients can connect using TLS1.0 or TLS1.2.

 

Dell Boomi has enabled TLS1.0, & TLS1.2 on all of our sites.  Dell Boomi has disabled SSLv3.0 on all of our sites including:
  • Mdm.boomi.com
  • Ondemand.boomi.com
  • m.platform.boomi.com (mobile site)
  • Test.boomi.com
  • platform.boomi.com
  • connect.boomi.com
  • atom.boomi.com
  • api.boomi.com

Attachments

    Outcomes