Disabling SSLv3 when using OpenEdge Explorer with secure con

Posted by MTBOO on 19-Oct-2016 06:25

Hi,

We are using OE 11.3 and OpenEdge Explorer has been configured to be used with a secure connection. Is there any way to force use of TLS due to known POODLE vulnerability with SSLv3

Regards

OpenEdge General - Forum
Posted by Satya Prasad on 20-Oct-2016 00:50

11.3.3.026 has POODLE and SHA2 support as well. So, it’s good to upgrade to 26 HF.
 
For further details, please reference the whitepaper "Addressing POODLE vulnerability and SHA2 support in Progress OpenEdge 11.3.3​".
 
Thanks,
Satya
 

All Replies

Posted by Satya Prasad on 19-Oct-2016 08:11

POODLE vulnerability fixes are available in 11.3.3.013HF. In this, by default OpenEdge Explorer uses TLSv1 as the default protocol for the https connection.

More info available @ knowledgebase.progress.com/.../fileField

Thanks,

Satya

Posted by MTBOO on 19-Oct-2016 09:50

OK thanks for the answer. I guess we need 11.3.3.026 as that is the hot fix referred to when I look at the list of fixes in ESD

Posted by Satya Prasad on 20-Oct-2016 00:50

11.3.3.026 has POODLE and SHA2 support as well. So, it’s good to upgrade to 26 HF.
 
For further details, please reference the whitepaper "Addressing POODLE vulnerability and SHA2 support in Progress OpenEdge 11.3.3​".
 
Thanks,
Satya
 

This thread is closed