This article explains what the POODLE vulnerability [CVE-2014-3566] is and how to configure IMSS to prevent attacks that exploit it.
SSL 3.0 [RFC6101] is an obsolete and insecure protocol. While for most practical purposes it has been replaced by its successors TLS 1.0 [RFC2246], TLS 1.1 [RFC4346], and TLS 1.2 [RFC5246], many TLS implementations remain backwards compatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience.
The protocol handshake provides for authenticated version negotiation, so the latest protocol version common to the client and the server will be used.
However, even if a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant, since many clients implement a protocol downgrade dance to work around server-side interoperability bugs.
To prevent POODLE attacks, you need to disable SSL 3.0.
Administration web console
- Open the ${install_dir}/imss/UI/adminUI/conf/server.xml file using a text editor.
- Look for the sslProtocol for the 8445 port.
  You will find sslProtocol="TLS"
  Change it to: sslProtocol="SSL" sslEnabledProtocols="TLSv1.2"
- Save and close the file.
- Restart the admin console using the command "${install_dir}/imss/script/S99ADMINUI restart".
EUQ web console
- Open the ${install_dir}/imss/UI/euqUI/conf/EUQ.conf file using a text editor.
- Look for the "SSLProtocol" key.
  Change it to: SSLProtocol All -SSLv2 -SSLv3
  If the key does not exist, add it at the end of the file.
- Save and close the file.
- Open the ${install_dir}/imss/UI/euqUI/conf/server.xml file using a text editor.
- Find the sslProtocol for the 8446 port.
  You will find sslProtocol="TLS".
  Change it to: sslProtocol="SSL" sslEnabledProtocols="TLSv1.2"
- Restart the EUQ console using the command "${install_dir}/imss/script/S99EUQ restart".
Administration web console
- Open the ${install_dir}/imss/UI/adminUI/conf/server.xml file using a text editor.
- Look for the sslProtocol for the 8445 port.
  You will find sslProtocol="TLS"
  Change it to: sslProtocol="SSL" sslEnabledProtocols="TLSv1.2"
- Save and close the file.
- Restart the Trend Micro IMSS web console service.
EUQ web console
- Open the ${install_dir}/imss/UI/euqUI/conf/EUQ.conf file using a text editor.
- Look for the SSLProtocol key.
  Change it to: SSLProtocol All -SSLv2 -SSLv3
- Save and close the file.
- Open the ${install_dir}/imss/UI/euqUI/conf/server.xml file using a text editor.
- Look for the sslProtocol for the 8446 port.
  You will find sslProtocol="TLS".
  Change it to: sslProtocol="SSL" sslEnabledProtocols="TLSv1.2"
- Restart the Trend Micro IMSS EUQ Load Balancer and Trend Micro IMSS End User Quarantine Console services.
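A small audit helper for the server.xml edits above (both consoles), added here as an example and not part of Trend Micro's product or this article: it reports whether the HTTPS connectors on ports 8445/8446 restrict sslEnabledProtocols to TLS, and can apply the article's setting. The sample XML is constructed and only models the relevant Connector element; real IMSS files carry many more attributes.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on a Tomcat server.xml before the fix (not the real IMSS file).
SAMPLE_SERVER_XML = """<Server port="8005">
  <Service name="Catalina">
    <Connector port="8445" scheme="https" secure="true" sslProtocol="TLS"/>
    <Connector port="8080" protocol="HTTP/1.1"/>
  </Service>
</Server>
"""

def connector_audit(xml_text, https_ports=(8445, 8446)):
    """Return {port: verdict} for each Connector on the listed HTTPS ports.

    'ok' means sslEnabledProtocols names only TLS versions. Without the
    attribute Tomcat falls back to the JVM's default list, which on older
    JVMs still includes SSLv3, so that case is flagged rather than trusted.
    """
    result = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port", "")
        if not port.isdigit() or int(port) not in https_ports:
            continue
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            result[int(port)] = "missing sslEnabledProtocols (JVM default may allow SSLv3)"
            continue
        protos = [p.strip() for p in enabled.split(",") if p.strip()]
        bad = [p for p in protos if not p.upper().startswith("TLS")]
        result[int(port)] = "ok" if protos and not bad else "allows " + (",".join(bad) or "nothing")
    return result

def harden(xml_text, https_ports=(8445, 8446), protocols="TLSv1.2"):
    """Return the XML with the article's setting applied to those connectors."""
    root = ET.fromstring(xml_text)
    for conn in root.iter("Connector"):
        port = conn.get("port", "")
        if port.isdigit() and int(port) in https_ports:
            conn.set("sslProtocol", "SSL")
            conn.set("sslEnabledProtocols", protocols)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(connector_audit(SAMPLE_SERVER_XML))
    print(connector_audit(harden(SAMPLE_SERVER_XML)))
```

Run it against the real file with `connector_audit(open(path).read())` after editing to confirm both console connectors report "ok".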
IMSS MTA
If you enabled SMTP TLS via Administration > TLS Settings > IP Address/Domain List, you also need to add a protocol to the setting in the database.
- Connect to the database.
- Open the tb_mta_config table.
- Find TLS.Server.Policyx in the SmtpServer section.
  Where x is the number of lists configured in the UI.
- Modify the value by appending ";Protocol=TLSv1".
  For example, if you configure two items in the UI, in the database we will see:
  Append ";Protocol=TLSv1" to the policy value. After modifying the value, it will look like this:
- Append ";Protocol=TLSv1" to the policy value of TLS.Client.Policyx in the SmtpClient section, following the same procedure as the previous step.
- Restart the Trend Micro IMSS SMTP service.