Protection against the POODLE SSLv3 Vulnerability
Hi,
By now you would have heard about the POODLE vulnerability. An attacker can use this vulnerability to downgrade the security protocol of any application that uses SSL, to SSL 3.0 specifically, and exploit a security hole in it. Since the problem is in the protocol itself, anything that uses SSL is affected.
You can secure ADSelfService Plus from this vulnerability by disabling SSL 3.0.
Follow the steps below to disable SSL 3.0 in ADSelfService Plus:
- Stop ADSelfService Plus (Click Start --> All Programs --> ADSelfService Plus --> Stop ADSelfService Plus).
- Take a backup of the server.xml file present in the <install_dir>/conf folder (e.g.: C:\ManageEngine\ADSelfService Plus\conf).
- Open the server.xml file in a text editor and look for the Connector tag. This tag will be present only if you have enabled HTTPS in ADSelfService Plus.
- Add this value, sslProtocols="TLSv1", at the end of the Connector tag as shown below:
  <Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/selfservice.keystore" keystorePass="Your_Keystore_Password" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" name="SSL" port="9251" scheme="https" secure="true" sslProtocol="TLS" sslProtocols="TLSv1"/>
- Now start ADSelfService Plus (Click on Start --> All Programs --> ADSelfService Plus --> Start ADSelfService Plus).
Regards
ADSelfService Plus Team
Toll Free: +1-888-720-9500
Direct: +1-408-916-9890
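To confirm the edit from the steps above landed on every HTTPS connector, the following added example (not ManageEngine's code) parses server.xml and flags any HTTPS Connector that lacks sslProtocols or still lists an SSL protocol. The function name audit_connectors, the sample XML and port 9252 are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: port 9251 is a connector before the change, port 9252
# (hypothetical) is one after it; attributes mirror the tag shown in the post.
SAMPLE_SERVER_XML = """<Server>
  <Service>
    <Connector port="8888" scheme="http"/>
    <Connector SSLEnabled="true" name="SSL" port="9251" scheme="https"
               secure="true" sslProtocol="TLS"/>
    <Connector SSLEnabled="true" name="SSL" port="9252" scheme="https"
               secure="true" sslProtocol="TLS" sslProtocols="TLSv1"/>
  </Service>
</Server>"""

def audit_connectors(xml_data):
    """Return (port, status, detail) for every HTTPS Connector in server.xml."""
    findings = []
    for conn in ET.fromstring(xml_data).iter("Connector"):
        is_https = (conn.get("SSLEnabled", "").lower() == "true"
                    or conn.get("scheme", "").lower() == "https")
        if not is_https:
            continue  # plain HTTP connectors are out of scope for this check
        port = conn.get("port", "?")
        value = conn.get("sslProtocols")
        if value is None:
            findings.append((port, "FAIL", "sslProtocols attribute missing"))
            continue
        protocols = [p.strip() for p in value.split(",") if p.strip()]
        # Anything named SSL* (SSLv3, SSLv2Hello) defeats the purpose of the edit.
        legacy = [p for p in protocols if p.upper().startswith("SSL")]
        if not protocols:
            findings.append((port, "FAIL", "sslProtocols is empty"))
        elif legacy:
            findings.append((port, "FAIL", "SSL protocol listed: " + ",".join(legacy)))
        else:
            findings.append((port, "OK", "sslProtocols=" + ",".join(protocols)))
    return findings

if __name__ == "__main__":
    # Pass the path to conf/server.xml; with no argument the sample is audited.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SERVER_XML
    results = audit_connectors(data)
    for port, status, detail in results:
        print(f"port {port}: {status} - {detail}")
    sys.exit(1 if any(status == "FAIL" for _, status, _ in results) else 0)
```

A parse error from this script means server.xml is no longer well-formed XML, which is worth catching before starting the service again.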