Skip to main content
 
developerWorks
AIX and UNIX
Information Mgmt
Lotus
New to Lotus
Products
How to buy
Downloads
Live demos
Technical library
Training
Support
Forums & community
Events
Rational
Tivoli
WebSphere
Java™ technology
Linux
Open source
SOA and Web services
Web development
XML
My developerWorks
About dW
Submit content
Feedback



developerWorks  >  Lotus  >  Forums & community  >  Lotus Protector Forum

Lotus Protector Forum

developerWorks

  

Sign in to participate PreviousPrevious NextNext


Jan Kreutzer 21.Oct.14 10:51 AM a Web browser
Announcement Mail Security - All releases All Platforms


How To Protect your LotusProtector for MailSecurity against the POODLE SSLv3 Vulnerability.

At the end of this week, IBM will release an official Knowledgebase Article how you can protect LPMSS against this new Vulnerabillity but in case you want to avoid this Vulnerabillity for the Apache2 used in LotusProtector before the official statement, please follow this instruction.

To check, if SSLV3 is enabled on your LotusProtector, please login as root using ssh and insert this command

openssl s_client -connect localhost:443 -ssl3
openssl s_client -connect localhost:4443 -ssl3

If you see a result page other than

CONNECTED(00000003)
14700:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:
14700:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.

you are affected (for sure you are) and you can disable SSLV3 by following this instructions.

vi /etc/apache2/vhosts.d/mailsec_vhosts.conf

In this file you should see 2 sections (<VirtualHost *:443> and <VirtualHost *:4443>) for Admin and Enduser Interface.

In both sections you should find a line with:

SSLProtocol all -SSLv2

Please add -SSLv3 that the lines should now look like:

SSLProtocol all -SSLv2 -SSLv3

Save the config and restart Apache Webserver: service apache2 restart

Make the test with openssl s_client -connect localhost:443 -ssl3 again and check the result. Connection should be denied.

How to patch the SMTP Deamon against Poodle Vulnerabillity will follow soon.








  Document options
Print this pagePrint this page

 Search this forum

  Forum views and search
Date (threaded)
Date (flat)
With excerpt
Author
Category
Platform
Release
Advanced search

 Sign In or Register
Sign in
Forgot your password?
Forgot your user name?
Create new registration

 RSS feedsRSS
All forum posts RSS
All main topics RSS
More Lotus RSS feeds

Resources

 Resources
Forum use and etiquette
Native Notes Access
Web site Feedback

Lotus Support

 Lotus Support
IBM Support Portal - Lotus software
Lotus Support documents
Lotus support by product
Lotus support downloads
Lotus support RSS feeds

Wikis

 Wikis
IBM Composite Applications
IBM Mashup Center
IBM Connections
IBM Connections Cloud Developers
IBM Docs
IBM Forms
IBM Mobile Connect
IBM Sametime
IBM SmartCloud for Social Business
IBM Web Experience Factory
Lotus Domino
Lotus Domino Designer
Lotus Expeditor
Lotus Foundations
Lotus iNotes
Lotus Instructor Community Courseware
Lotus Notes
Lotus Notes & Domino Application Development
Lotus Notes Traveler
Lotus Protector
Lotus Quickr
Lotus Symphony
IBM Web Content Manager
WebSphere Portal

Lotus Forums


 Lotus Forums
Notes/Domino 9.0
Notes/Domino 8.5 + Traveler
Notes/Domino XPages development forum
Notes/Domino 8
Notes/Domino 6 and 7
IBM Connections
IBM Mobile Connect
IBM Sametime
IBM SmartCloud Notes
Lotus Enterprise Integration
Lotus Protector
Lotus Quickr
Lotus SmartSuite