I think its not a problem, but to be sure i wanted to ask: We use the Server Load Balancing function in Network Security with HTTPS and Servers behind them which still support SSLv3 (but they are using IP-Whitelisting). It is/should not be a problem to update with removed SSLv3 support in the Firewall, right?
I think its not a problem, but to be sure i wanted to ask:
We use the Server Load Balancing function in Network Security with HTTPS and Servers behind them which still support SSLv3 (but they are using IP-Whitelisting). It is/should not be a problem to update with removed SSLv3 support in the Firewall, right?
I don't think it's a problem as long as your servers support TLS 1.x
For my understaning, the update package does not fix the vulnerability on SMTP Proxy. The description from 9.209-8 also states, that on many (not all!!) services SSLv3 will be disabled.
Up2Date 9.209008 package description:
Remark: System will be rebooted
News: Security Release Disable SSLv3 support in many services to remove vulnerability to SSLv3 protocol vulnerability ("POODLE", CVE-2014-3566)
For my understaning, the update package does not fix the vulnerability on SMTP Proxy. The description from 9.209-8 also states, that on many (not all!!) services SSLv3 will be disabled.
Up2Date 9.209008 package description:
Remark: System will be rebooted
News: Security Release Disable SSLv3 support in many services to remove vulnerability to SSLv3 protocol vulnerability ("POODLE", CVE-2014-3566)
