Skip to main content
ExLibris

Knowledge Assistant

BETA
  • Subscribe by RSS
  • Back
    Verde

     

    Ex Libris Knowledge Center
    1. Search site
      Go back to previous article
      1. Sign in
        • Sign in
        • Forgot password
    1. Home
    2. Verde
    3. Knowledge Articles
    4. SSL 3.0 Vulnerability ("POODLE")

    SSL 3.0 Vulnerability ("POODLE")

    1. Last updated
    2. Save as PDF
    3. Share
      1. Share
      2. Tweet
      3. Share
    1. Description
    2. Resolution
    3. Additional Information
    • Product: Cross-Product
    • Product Version: All

    Description

    Engineers at Google have disclosed a vulnerability in SSLv3 that can allow a network attacker to decrypt the contents of certain encrypted web communications.

    The exploit is called POODLE (Padding Oracle On Downgraded Legacy Encryption) (CVE-2014-3566), and is made possible by the abuse of a deprecated encryption protocol included in most web browsers and web servers, for legacy site and/or browser compatibility.

    The Ex Libris Security Officer has published an announcement regarding this vulnerability: Security Update Customer Announcement-Poodle.pdf

    Resolution

    Products Metalib, Aleph, DigiTool and Alma have been successfully tested with the following solution:

    1. In ssl.conf, add the following line after the current SSLCipherSuite directive:

    #   SSL Cipher Suite:List the ciphers that the client is permitted to negotiate.
    #   See the mod_ssl documentation for a complete list.

    SSLProtocol All -SSLv2 -SSLv3

    1. Restart Apache, which will start apache https without support for SSLv2 and v3 which are vulnerable for the latest security issue.

    Additional Information

    Specific to Aleph:

    • The ssl.conf file is located in ./alephe/apache/conf
    • Use util w/3/6 to restart the Apache server.
    • On Dec. 10, 2014, rep_change 2114 was added to Aleph 22: Remove support for SSLv2 and SSLv3 (which are vulnerable).

    • Article last edited: 11-Dec-2014
    View article in the Exlibris Knowledge Center
    1. Back to top
      • Sponsoring library is not displayed in the e-product summary tab
      • Steps with similar content in the License workflow
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Content Type
      Knowledge Article
      Language
      English
      Product
      Verde
    2. Tags
      1. contype:kba
      2. Prod:Verde
    1. © Copyright 2025 Ex Libris Knowledge Center
    2. Powered by CXone Expert ®
    • Term of Use
    • Privacy Policy
    • Contact Us
    2025 Ex Libris. All rights reserved