Cisco ASA POODLE Mitigation

Google has discovered a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker. You can read more about it here:
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html

Cisco has an Advisory out:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

You can also read the Cisco Event Response: POODLE Vulnerability:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_Poodle_10152014.html

To mitigate the POODLE vulnerability in Cisco ASA add these commands to the device configuration:

TPA-ASA#conf t
TPA-ASA(config)#ssl server-version tlsv1-only
TPA-ASA(config)#ssl client-version tlsv1-only

A great site to test for the POODLE Vulnerability is Qualys SSL Labs (https://www.ssllabs.com/ssltest/index.html). It runs a comprehensive SSL scan on the URL you want to scan.
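SSL Labs can only scan hosts reachable from the Internet, so for an ASA interface that is internal-only, here is an added example (not part of this post) of a small probe that offers only SSL 3.0 in its ClientHello and reports whether the device still negotiates it. The host name and port are assumptions; it uses raw sockets because current OpenSSL builds no longer ship SSLv3 for `openssl s_client -ssl3`.

```python
import socket
import struct

# Cipher suites an SSL 3.0 client would typically offer (constructed sample list):
# AES128-SHA, AES256-SHA, DES-CBC3-SHA, RC4-SHA, RC4-MD5
SSLV3_CIPHERS = bytes.fromhex("002f" "0035" "000a" "0005" "0004")


def build_sslv3_client_hello():
    """Build a record-framed ClientHello whose client_version is SSL 3.0 (0x0300)."""
    body = (
        b"\x03\x00"                                   # client_version = SSL 3.0
        + b"\x00" * 32                                # client random (zeros suffice for a probe)
        + b"\x00"                                     # session_id length = 0
        + struct.pack(">H", len(SSLV3_CIPHERS)) + SSLV3_CIPHERS
        + b"\x01\x00"                                 # one compression method: null
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x00" + struct.pack(">H", len(handshake)) + handshake


def classify_response(data):
    """Classify the first record the server sends back to the SSL 3.0 ClientHello."""
    if len(data) < 6:
        return "unknown"
    content_type, major, minor = data[0], data[1], data[2]
    if content_type == 0x16 and (major, minor) == (3, 0) and data[5] == 0x02:
        return "sslv3-accepted"   # ServerHello at SSL 3.0: mitigation NOT in place
    if content_type == 0x15:
        return "sslv3-rejected"   # Alert (handshake_failure / protocol_version)
    return "unknown"


def probe_sslv3(host, port=443, timeout=5.0):
    """Return 'sslv3-accepted', 'sslv3-rejected' or 'unknown' for host:port."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            data = sock.recv(4096)
        except socket.timeout:
            return "unknown"
    if not data:
        return "sslv3-rejected"   # connection closed without negotiating
    return classify_response(data)


if __name__ == "__main__":
    # Hypothetical ASA address; replace with the interface you are checking.
    print(probe_sslv3("asa.example.invalid"))
```

After `ssl server-version tlsv1-only` is applied, the probe should report `sslv3-rejected`; `sslv3-accepted` means SSL 3.0 is still being served.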

As you can see below, I ran a scan before and after entering the commands.

Before adding commands:

After adding commands:
