Article ID: 123201, created on Oct 21, 2014, last review on Oct 22, 2014

  • Applies to:
  • Business Automation 5.5

Symptoms

OpenSRS is planning to disable SSLv3 connections due to the POODLE vulnerability. A hotfix for PBA 5.5.7 is already published.

Cause

A vulnerability in the design of SSLv3 was uncovered earlier this week. Attackers could exploit this weakness to try to decrypt encrypted connections.

NOTE:

PBA 5.4 customers are not affected.

Resolution

Install the hotfix.

As a workaround until the hotfix is installed, point the plugins at a temporary server that accepts SSLv3 connections:

  1. Log in to the database host;

  2. Connect to the database;
  3. Update the host value for the domain plugin in the "OpenSRSMode" table for ‘Real mode’ to legacy-rr-n1-tor.opensrs.net:

    pba=> update "OpenSRSMode" set "Host" = 'legacy-rr-n1-tor.opensrs.net' where "Mode" = '20';
    
  4. Update the host value for the certificate plugin in the "CertOpenSRSMode" table for ‘Real mode’ to legacy-rr-n1-tor.opensrs.net:

    pba=> update "CertOpenSRSMode" set "Host" = 'legacy-rr-n1-tor.opensrs.net' where "Mode" = '20';
    

NOTE: The legacy-rr-n1-tor.opensrs.net server is only temporary, so install the hotfix as soon as possible.

  1. To revert the workaround once the hotfix is installed, change the host value back to 'rr-n1-tor.opensrs.net'.
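The workaround and its revert as one checked sequence. This is an added example, not part of the original article. It assumes a PostgreSQL database (inferred from the `pba=>` prompt) and uses only the table and column names shown above. The final audit goes beyond the article's 'Real mode' rows and checks every mode.

```sql
-- Added example; assumes PostgreSQL and only the tables/columns named in the article.

-- 1. Before applying the workaround, record the current 'Real mode' hosts
--    so the value to restore later is known rather than assumed.
SELECT 'OpenSRSMode' AS tbl, "Host" FROM "OpenSRSMode" WHERE "Mode" = '20'
UNION ALL
SELECT 'CertOpenSRSMode', "Host" FROM "CertOpenSRSMode" WHERE "Mode" = '20';

-- 2. After the hotfix is installed, revert both plugins in one transaction
--    so the domain and certificate plugins never point at different hosts.
--    The extra "Host" condition touches only rows the workaround changed.
BEGIN;

UPDATE "OpenSRSMode"
   SET "Host" = 'rr-n1-tor.opensrs.net'
 WHERE "Mode" = '20'
   AND "Host" = 'legacy-rr-n1-tor.opensrs.net';

UPDATE "CertOpenSRSMode"
   SET "Host" = 'rr-n1-tor.opensrs.net'
 WHERE "Mode" = '20'
   AND "Host" = 'legacy-rr-n1-tor.opensrs.net';

COMMIT;

-- 3. Audit: list any row, in any mode, still pointing at the temporary
--    SSLv3-accepting host. After the revert this should return no rows.
SELECT 'OpenSRSMode' AS tbl, "Host" FROM "OpenSRSMode"
 WHERE "Host" = 'legacy-rr-n1-tor.opensrs.net'
UNION ALL
SELECT 'CertOpenSRSMode', "Host" FROM "CertOpenSRSMode"
 WHERE "Host" = 'legacy-rr-n1-tor.opensrs.net';
```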
