SL150 - How to Disable SSLv3 on Sun StorageTek SL150 Tape Library

Asset ID:	1-71-1951634.1
Update Date:	2018-03-02
Keywords:

Solution Type Technical Instruction Sure

Solution 1951634.1 : SL150 - How to Disable SSLv3 on Sun StorageTek SL150 Tape Library - SSL Poodle Vulnerability, CVE-2014-3566

Applies to:

StorageTek SL150 Modular Tape Library - Version All Versions and later
Information in this document applies to any platform.

Information in this document applies to all product platforms.

Goal

This document provides information on how to disable SSLv3 in web browsers impacted by CVE-2014-3566 for the SL150 Tape Library Product.

Solution

Firefox

As described in the Mozilla Security Blog, SSLv3 will be disabled by default in Firefox 34, which will be released on Nov 25, 2014.

For immediate relief, users can install the SSL Version Control Add-on.

This Add-on turns off SSLv3 by default and will set the minimum TLS version to TLS 1.0.

Alternatively, users can set the value "security.tls.version.min = 1" in the "about:config" dialog.

Internet Explorer

To disable SSLv3 in Internet Explorer on Windows Vista and newer, uncheck the "Use SSL 3.0" box on the "Advanced" tab in the Internet Options program.

Google Chrome

Chrome does not have a configurable setting to turn off SSLv3.

Instead, for any operating system, Chrome must be launched with the extra flag "--ssl-version-min=tls1" to disable SSLv3.

Consult your browser documentation for more details.

For additional details using other browsers, see: https://zmap.io/sslv3/browsers.html

Additional Protection in Future SL150 Firmware

System administrators and customer should continue to incorporate the browser based workarounds to limit authentication to TLSv1.0 or higher.

The SL150 firmware version v2.50 will internally limit authentication to TLS 1.0 or higher to prevent exposure to CVE-2014-3566 (a.k.a. Poodle)

Attachments

This solution has no attachment