T10000A/T10000B - CVE-2014-3566, Poodle Vulnerability

Asset ID:	1-72-1952054.1
Update Date:	2017-12-28
Keywords:

Solution Type Problem Resolution Sure

Solution 1952054.1 : T10000A/T10000B - CVE-2014-3566, Poodle Vulnerability

Applies to:

Sun StorageTek T10000A Tape Drive - Version All Versions to All Versions [Release All Releases]
Sun StorageTek T10000B Tape Drive - Version All Versions to All Versions [Release All Releases]
Information in this document applies to any platform.

The current release, 1.50.103 (T10KA),1.50.203 (T10KB) and prior releases of the T10000A/B tape drive firmware/s do have support for SSL v3.0 and TLS v1.0 enabled. SSL v3.0 cannot be disabled in the T10000A/B drive by the user. However, SSL v3.0 will not be used by the drive. The T10000A and T120000B tape drives only use TLS 1.0 to communicate with the Oracle Key Manager (OKM). The OKM does not support SSL v3.0. Since OKM does not support SSL v3.0, the SSL connection between the drive and the OKM can never fallback to using SSL v3.0.

Symptoms

A critical security bug has been reported publicly against SSL v3.0 under CVE-2014-3566 and is sometimes called the Poodle Vulnerability.

Cause

Support for SSL v3.0 and TLS v1.0 enabled.

Solution

Long Term Solution: SSL v3.0 will be disabled in the upcoming 1.51.xxx release and all future releases of the T10000A/B drive firmware. Target for release is Mid-2015.

The 1.51.1xx code was released and is now superseded with release 1.52.x03 code. So this change is already in the code. (Nov-2016)

Attachments

This solution has no attachment