Symptoms
OpenSRS is planning to disable SSLv3 connections. due to the POODLE vulnerability. HotFix for PBA 5.5.7 is already published.
Cause
A vulnerability in the design of SSLv3 was uncovered earlier this week. This vulnerability means that attackers could exploit this weakness and try to decrypt encrypted connections.
NOTE:
PBA 5.4 customers are not affected
Resolution
Install Hotfix.
Also the following workaround is possible before Hotfix installation - set temporary server which accepts SSLv3 connections:
Login to database host;
- Connect to database;
Update host value for domain plugin in "OpenSRSMode" table for ‘Real mode’ to legacy-rr-n1-tor.opensrs.net:
pba=> update "OpenSRSMode" set "Host" = 'legacy-rr-n1-tor.opensrs.net' where "Mode" = '20';
Update host value for certificate plugin in "CertOpenSRSMode" table for ‘Real mode’ to legacy-rr-n1-tor.opensrs.net:
pba=> update "CertOpenSRSMode" set "Host" = 'legacy-rr-n1-tor.opensrs.net' where "Mode" = '20';
NOTE: This legacy-rr-n1-tor.opensrs.net
server is only temporary so you should install this hotfix as soon as possible.
- In order to revert the workaround once hotfix is installed, change host value back to 'rr-n1-tor.opensrs.net'.