Guard against the SSLv3 Vulnerability (“POODLE”) in Zeus Web Server

Guard against the SSLv3 Vulnerability (“POODLE”) in Zeus Web Server

This content was originally published more than five years ago and is archived here for preservation.

More up-to-date content is available on this blog.

[This post is more of a public service announcement regarding the recent SSL v3 flaw dubbed “POODLE” for the few remaining people still using Zeus Web Server out there]

You’ve probably seen the warnings about the critical design flaw in SSL v3 allowing attackers to decrypt encrypted connections, dubbed “POODLE” (Padding Oracle On Downgraded Legacy Encryption).

To cut a long story short, you need to disable SSLv3 in your web server right now.  If you’re running Zeus Web Server, here’s how:

  1. Upgrade to Zeus Web Server 4.3r5 (the last release ever, from January 2010)
  2. Add the following setting to %ZEUSHOME%/web/global.cfg:
    tuning!ssl3_allow_rehandshake never
  3. Restart Zeus Web Server:
    (As root) %ZEUSHOME%/restart-zeus

Questions in the comments, please. If you don’t have a copy of Zeus Web Server 4.3r5, I can’t help you with that, I’m afraid.

Update: more useful information on disabling SSLv3 in web browsers and other web servers on StackExchange.

Read more from Jock

The Practitioner's Guide to Product Management book cover

The Practitioner’s Guide to Product Management
by Jock Busuttil

“I wish this book was published when I started out in product management”

Keji A., Head of Product

Read a free excerpt

Get articles emailed to you

Pop your email address in and receive new articles straight to your inbox. Your email won't be used for anything else. Promise.

Jock is a freelance head of product, author and conference speaker. He has spent nearly two decades working with technology companies to improve their product management practices, from startups to multinationals. His clients include the BBC, University of Cambridge, and the UK's Ministry of Justice and Government Digital Service (GDS).In 2012 Jock founded Product People Limited, a product management consultancy and training company. He is also the author of the popular book The Practitioner's Guide to Product Management and the blog I Manage Products.

Tagged with: , , ,

Agree? Disagree? Share your views: