resources

October 17, 2014 – Advisory: SSL 3.0 Exploit (a.k.a POODLE attack)

In response to the recently documented SSL 3.0 vulnerability (Reference: CVE-2014-3566), InterSystems advises customers to switch from using or requiring SSL 2.0 or SSL 3.0 and instead use only TLSv1.

InterSystems products support TLSv1, SSL 3.0 and SSL 2.0 for SSL/TLS. The SSL/TLS configuration can be controlled through the Management Portal (System > Security Management > SSL/TLS Configuration)

Furthermore, beginning with version 2014.2, InterSystems products will default for newly defined SSL/TLS configurations to only include TLSv1; SSL 3.0 will still be available as an option.

If you have any questions regarding this advisory, please contact the Worldwide Response Center.