Guard against the SSLv3 Vulnerability (“POODLE”) in Zeus Web Server

Guard against the SSLv3 Vulnerability (“POODLE”) in Zeus Web Server

Posted on

[This post is more of a public service announcement regarding the recent SSL v3 flaw dubbed “POODLE” for the few remaining people still using Zeus Web Server out there]

You’ve probably seen the warnings about the critical design flaw in SSL v3 allowing attackers to decrypt encrypted connections, dubbed “POODLE” (Padding Oracle On Downgraded Legacy Encryption).

To cut a long story short, you need to disable SSLv3 in your web server right now.  If you’re running Zeus Web Server, here’s how:

  1. Upgrade to Zeus Web Server 4.3r5 (the last release ever, from January 2010)
  2. Add the following setting to %ZEUSHOME%/web/global.cfg:
    tuning!ssl3_allow_rehandshake never
  3. Restart Zeus Web Server:
    (As root) %ZEUSHOME%/restart-zeus

Questions in the comments, please. If you don’t have a copy of Zeus Web Server 4.3r5, I can’t help you with that, I’m afraid.

Update: more useful information on disabling SSLv3 in web browsers and other web servers on StackExchange.

Get articles when they’re published

My articles get published irregularly (erratically, some might say). Never miss an article again by getting them delivered direct to your inbox as soon as they go live.  

Read more from Jock

The Practitioner's Guide to Product Management book cover

The Practitioner's Guide To Product Management

by Jock Busuttil

“This is a great book for Product Managers or those considering a career in Product Management.”

— Lyndsay Denton
Read a free extract
About

Jock Busuttil is a freelance head of product, product management coach and author. He has spent over two decades working with technology companies to improve their product management practices, from startups to multinationals. In 2012 Jock founded Product People Limited, which provides product management consultancy, coaching and training. Its clients include BBC, University of Cambridge, Ometria, Prolific and the UK’s Ministry of Justice and Government Digital Service (GDS). Jock holds a master’s degree in Classics from the University of Cambridge. He is the author of the popular book The Practitioner’s Guide To Product Management, which was published in January 2015 by Grand Central Publishing in the US and Piatkus in the UK. He writes the blog I Manage Products and weekly product management newsletter PRODUCTHEAD. You can find him on Mastodon, Twitter and LinkedIn.

Agree? Disagree? Share your views: