A vulnerability in the design of SSLv3 was uncovered earlier this week. This vulnerability means that attackers could exploit this weakness and try to decrypt encrypted connections.
PBA 5.4 customers are not affected
Also the following workaround is possible before Hotfix installation - set temporary server which accepts SSLv3 connections:
Login to database host;
- Connect to database;
Update host value for domain plugin in "OpenSRSMode" table for ‘Real mode’ to legacy-rr-n1-tor.opensrs.net:
pba=> update "OpenSRSMode" set "Host" = 'legacy-rr-n1-tor.opensrs.net' where "Mode" = '20';
Update host value for certificate plugin in "CertOpenSRSMode" table for ‘Real mode’ to legacy-rr-n1-tor.opensrs.net:
pba=> update "CertOpenSRSMode" set "Host" = 'legacy-rr-n1-tor.opensrs.net' where "Mode" = '20';
legacy-rr-n1-tor.opensrs.net server is only temporary so you should install this hotfix as soon as possible.
- In order to revert the workaround once hotfix is installed, change host value back to 'rr-n1-tor.opensrs.net'.