Can anyone tell me whether HCP v6 (and v7 for all that matters) is vulnerable for a SSL 3.0 Poodle attack announced by Google yesterday?
The methods to prevent such an attack would be:
- To prevent POODLE attacks on Firefox, open about:config, search for
"security.enable," and set "security.enable_ssl3" to false.
- To stop them on IE, go to the tools menu, click Internet Options and head to the
Advanced tab. Under that look for the Security heading, and make sure that the
SSL 3.0 check box is unchecked.
- If you're running a Web server, check with your upstream code provider in the case
of open-source programs such as Apache and Nginx or your vendor, as in the case
of Microsoft's Internet Information Server (IIS) for how to turn SSL
3.0 support off.