A vulnerability scanner would be able to provide more information regarding affected systems, services, etc.
You can't just patch IE and say, "OK, I'm done". There's Firefox (which won't release a patched version until end of Nov and SSL3 can be disabled in the meantime with a plugin). Chrome only has a shortcut parameter that can be added to force disable SSL3, but doesn't get applied every time the browser is launched via other methods. Not to mention tons of other client/server software: FTP Clients, FTP Servers, Apache (included in a lot of 3rd party software), Other Webservers, etc.
If all you want to do is disable SSLv3 in Microsoft Internet Explorer and Microsoft Servers, there are registry modifications and GPO to do just that:
https://technet.microsoft.com/en-us/library/security/3009008.aspx
All other 3rd party products have to be patched individually and hope that the publisher provides the updates to do so, otherwise you have to find ways to do it manually.
ManageEngine has a manual procedure to disable SSLv3 in Apache that is included in Desktop Central, until they can implement it in their next update, but you have to contact support to get it:
Please refer the below instructions for the POODLE vulnerability issue.
Note: The below steps can be done only with 90080 and above.
Kindly open the websettings.conf file (<DesktopCentral_Server>/conf folder) via text editor and make the below changes.
- apache.sslprotocol=all -SSLv2 -SSLv3
- apache.sslhonorcipherorder=on
- apache.sslciphersuite=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
Save the file and restart DesktopCentral service
Desktop Central product team is responsible for upgrading the Open SSL and Apache to the latest however we do it only after multiple tests.
We have already released the hotfix which has the fix for Apache and Open SSL however it will be released before this month end as newsletter build. We always deliver major fixes/features during end of every month. If you have subscribed for the newsletter, you should receive the same via email.
However in the meantime if any customer asks for the hotfix on urgent basis, we will send the steps/hotfix immediately.
Note: POODLE fix isn't integrated with our hotfix yet which is expected to be integrated in our upcoming releases.