Symptoms

OpenSRS is planning to disable SSLv3 connections due to the POODLE vulnerability. A hotfix for PBA 5.5.7 is already published.

Cause

A vulnerability in the design of SSLv3 was uncovered earlier this week. An attacker could exploit this weakness to try to decrypt encrypted connections.

NOTE: PBA 5.4 customers are not affected.

Resolution

Install the hotfix.

As a workaround until the hotfix is installed, temporarily switch to a server that still accepts SSLv3 connections:

  1. Log in to the database host;

  2. Connect to the database;
  3. Update the host value for the domain plugin in the "OpenSRSMode" table for 'Real mode' to legacy-rr-n1-tor.opensrs.net:

    pba=> update "OpenSRSMode" set "Host" = 'legacy-rr-n1-tor.opensrs.net' where "Mode" = '20';
    
  4. Update the host value for the certificate plugin in the "CertOpenSRSMode" table for 'Real mode' to legacy-rr-n1-tor.opensrs.net:

    pba=> update "CertOpenSRSMode" set "Host" = 'legacy-rr-n1-tor.opensrs.net' where "Mode" = '20';
    

NOTE: The legacy-rr-n1-tor.opensrs.net server is only temporary, so install the hotfix as soon as possible.

  5. To revert the workaround once the hotfix is installed, change the host value back to 'rr-n1-tor.opensrs.net'.
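
The revert described above, written out as an added example (not part of the original article). It assumes the same psql session on the PBA database and PostgreSQL transaction syntax; the table, column, and host names are the ones used in the workaround steps.

```sql
-- Added example: undo the SSLv3 workaround after the hotfix is installed.
BEGIN;

-- Record the current 'Real mode' hosts before changing anything.
SELECT "Mode", "Host" FROM "OpenSRSMode"     WHERE "Mode" = '20';
SELECT "Mode", "Host" FROM "CertOpenSRSMode" WHERE "Mode" = '20';

-- Restore the regular host, touching only rows that still point at the
-- temporary legacy server. psql prints "UPDATE <n>" with the number of
-- rows changed; "UPDATE 0" means that table was already reverted or the
-- workaround was never applied to it.
UPDATE "OpenSRSMode"
   SET "Host" = 'rr-n1-tor.opensrs.net'
 WHERE "Mode" = '20'
   AND "Host" = 'legacy-rr-n1-tor.opensrs.net';

UPDATE "CertOpenSRSMode"
   SET "Host" = 'rr-n1-tor.opensrs.net'
 WHERE "Mode" = '20'
   AND "Host" = 'legacy-rr-n1-tor.opensrs.net';

-- Confirm no row in either table still references the legacy server.
-- Both queries should return zero rows.
SELECT "Mode", "Host" FROM "OpenSRSMode"
 WHERE "Host" = 'legacy-rr-n1-tor.opensrs.net';
SELECT "Mode", "Host" FROM "CertOpenSRSMode"
 WHERE "Host" = 'legacy-rr-n1-tor.opensrs.net';

-- If the output is not what you expect, issue ROLLBACK instead.
COMMIT;
```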
