Re: Is OpenConnect Server affected with POODLE?(CVE-2014-3566)
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Fri Oct 17 01:59:07 PDT 2014
On Fri, Oct 17, 2014 at 9:51 AM, Alpha Stevens <alpha.stevens at gmail.com> wrote:
> It's quite a big news now
> So, Is our server affected with this bug?
> If yes, how can we deal with this problem
The openconnect client is not affected by poodle, since it doesn't use
the TLS negotiation used by browsers. I don't know about the
anyconnect clients. To be sure even for anyconnect clients the best is
to disable SSL 3.0 from the server anyway.
regards,
Nikos
More information about the openconnect-devel
mailing list