Re: [SR-Users] Susceptibility to POODLE Vulnerability?

21 Oct 2014

Am 21.10.2014 um 08:20 schrieb Olle E Johansson:
...

 >
> !!! *a warning **that the use of SSLv3 **susceptibility to POODLE
> Vulnerability* !!!
>  Well, since Poodle requires a web browser and java script we're not in 
 danger from a Poodle attack. Even so, we are not enabling SSL by 
 default, only enabling TLS. All versions of SSL are too old to be
 secure. We can not add a warning text for every possible attack,
 but have published information on twitter, facebook, G+ and
 on the mailing lists.

 Are we aware of any phones or SIP servers that only supports SSLv3
 and have no support of TLS?

 /O

 _______________________________________________
 SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
 sr-users(a)lists.sip-router.org
 http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users asterisk just
published a security warning

source: http://downloads.asterisk.org/pub/security/AST-2014-011.html

you have to force asterisk to do TLSv1
the defaults settings allowing a SSLv3/SSLv2 fallback.

-- 
*Rainer Piper*
Integration engineer
Koeslinstr. 56
53123 BONN
GERMANY
Phone: +49 228 97167161
P2P: sip:rainer@sip.soho-piper.de:5072 (pjsip-test)
XMPP: rainer(a)xmpp.soho-piper.de

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [SR-Users] Susceptibility to POODLE Vulnerability?