Security vulnerability SSL 3.0 - POODLE issue

CollabNet is aware of an SSL 3.0 (Secure Sockets Layer) vulnerability that allows the content of secured connections made over SSL 3.0 to be deciphered by an attacker.

For more information, see the following sites:

In this context, to achieve secure encryption, SSL 3.0 must be avoided entirely. When you disable SSL 3.0, any client which has TLS 1.0 (Transport Layer Security) support will automatically switch to TLS and continue to work; you may not even notice the change.

Moreover, according to http://en.wikipedia.org/wiki/Transport_Layer_Security TLS 1.0 is supported by default, by Internet Explorer 7 and later versions.

Note:
  • It is assumed that your client already has a TLS connection, because, SSL 3.0 is an 18 year old protocol and many clients have already been using the latest version of TLS.
  • If you have any issues configuring TLS standard, please update your client or check the client documentation.
To disable SSL 3.0 in your servers, follow the instructions in the following sections.
Important: Disable SSL 3.0 on all the servers that have https enabled.

Questions? Comments? Talk to other users of CollabNet products and the engineers behind them.

Copyright 2020 CollabNet Corporation | Site Feedback | Terms of Use | Privacy Policy | Copyright and Trademark | Support