KB Article #161287

SecureTransport Server and CVE-2011-3389 vulnerability

Problem

SecureTransport Server and CVE-2011-3389 vulnerability.

The SSL protocol encrypts data by using CBC mode with chained initialization vectors.

Resolution

To resolve the reported vulnerability in SecureTransport Server, modify the available ciphers so that they do not include ciphers that use weak CBC.

- Make the following changes for the HTTP service:
Edit FILEDRIVEHOME/conf/httpd.conf and modify the SSLCipherSuite directive to match the one below:
SSLCipherSuite RC4-SHA:RC4-MD5:+HIGH:+MEDIUM:!LOW:!aNULL:!ADH:!eNULL:!SSLv2:!EXP

- Make the following changes for the FTP service:
Edit FILEDRIVEHOME/conf/filedrive.conf and modify the ciphers directive to match the one below:
ciphers RC4-SHA:RC4-MD5:+HIGH:+MEDIUM:!LOW:!aNULL:!ADH:!eNULL:!SSLv2:!EXP
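
The check below is an added example, not part of the original article or the product. It reads the cipher directive from the text of each file and reports any entry that adds suites other than RC4-SHA and RC4-MD5. It relies on the OpenSSL cipher-string rule that a leading + only reorders suites already in the list. The one-directive-per-line layout, case-insensitive directive matching and the sample file contents are assumptions.

```python
import re

# Cipher suites that the article's recommended string adds explicitly.
ALLOWED = {"RC4-SHA", "RC4-MD5"}

def cipher_strings(conf_text, directive):
    """Return (line_number, value) for each uncommented `directive` line."""
    pat = re.compile(r"\s*%s\s+(\S+)" % re.escape(directive), re.I)
    found = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        m = pat.match(line)
        if m:
            found.append((n, m.group(1)))
    return found

def classify(cipher_str):
    """Group the entries of an OpenSSL cipher string by leading operator.

    No prefix adds suites to the list; '+' only moves suites that are already
    in the list to the end (it adds nothing); '!' and '-' remove suites.
    """
    groups = {"added": [], "moved": [], "removed": []}
    for tok in filter(None, re.split(r"[:,]", cipher_str)):
        if tok[0] == "+":
            groups["moved"].append(tok[1:])
        elif tok[0] in "!-":
            groups["removed"].append(tok[1:])
        else:
            groups["added"].append(tok)
    return groups

def audit(conf_text, directive):
    """Return findings; an empty list means only the RC4 suites are added."""
    lines = cipher_strings(conf_text, directive)
    if not lines:
        return ["no %s directive found" % directive]
    return ["line %d: %s adds %s" % (n, directive, tok)
            for n, value in lines
            for tok in classify(value)["added"] if tok not in ALLOWED]

# Constructed sample files (assumed layout, not from a real installation).
HTTPD_OK = """# SSLCipherSuite ALL:!ADH
SSLCipherSuite RC4-SHA:RC4-MD5:+HIGH:+MEDIUM:!LOW:!aNULL:!ADH:!eNULL:!SSLv2:!EXP
"""
FTP_BAD = "ciphers HIGH:MEDIUM:!aNULL:!eNULL:!SSLv2:!EXP\n"

if __name__ == "__main__":
    print(audit(HTTPD_OK, "SSLCipherSuite"))
    print(audit(FTP_BAD, "ciphers"))
```

To audit a real installation, pass the contents of FILEDRIVEHOME/conf/httpd.conf and FILEDRIVEHOME/conf/filedrive.conf to audit() with the matching directive name.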