{"id":880,"date":"2014-10-28T13:05:45","date_gmt":"2014-10-28T13:05:45","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2014\/10\/28\/mitigating-poodle-on-the-brocade-adx\/"},"modified":"2021-07-24T17:06:36","modified_gmt":"2021-07-24T17:06:36","slug":"mitigating-poodle-on-the-brocade-adx","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html","title":{"rendered":"Mitigating Poodle on the Brocade ADX"},"content":{"rendered":"<p>In order to mitigate the Poodle vulnerability on the Brocade ADX SSLv3 must be disabled. However this can only be achieved via the code release 12.4s, which disables SSLv3 completely. All code versions prior to this do not have any method or option to disable the SSLv3 protocol.<\/p>\n<h2>HealthChecks<\/h2>\n<p>On the ADX there are 2 types of <a href=\"http:\/\/www.brocade.com\/support\/Product_Manuals\/ServerIron_SLBGuide\/health.4.10.html\">SSL healthcheck<\/a>. They are,<\/p>\n<ul>\n<li><strong>Simple<\/strong> &#8211; A SSL client hello is sent. If the server responds then the healthcheck passes.<\/li>\n<li><strong>Complete<\/strong> &#8211; A full SSL connection is created and a GET\/HEAD is sent. If the necessary response is received the healthcheck passes.<\/li>\n<\/ul>\n<p>Below shows the various versions used for the different healthchecks,<\/p>\n<table class=\"uk-table uk-table-striped\">\n<tbody>\n<tr>\n<td><strong>HC Type<\/strong><\/td>\n<td><strong>Code<\/strong><\/td>\n<td><strong>Version<\/strong><\/td>\n<\/tr>\n<tr>\n<td>Simple<\/td>\n<td>12.4.00r + below<\/td>\n<td>SSLv3<\/td>\n<\/tr>\n<tr>\n<td>Simple&nbsp;<\/td>\n<td>12.5.01e + below<\/td>\n<td>SSLv3<\/td>\n<\/tr>\n<tr>\n<td>Complete<\/td>\n<td>12.4.00r + below<\/td>\n<td>TLS1.0<\/td>\n<\/tr>\n<tr>\n<td>Complete<\/td>\n<td>12.5.01e + below<\/td>\n<td>TLS1.0<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"margin: 0cm 0cm 0.0001pt;\">Should you want to enable SSLv3 for your Simple healthchecks the command<span class=\"codeinline\">server sslv3-in-simple-ssl-hc<\/span>is available.<\/p>\n<p><span class=\"uk-badge\">NOTE&nbsp;<\/span> 12.4s and all versions below only support TLS 1.0.<\/p>\n<h2>Troubleshooting<\/h2>\n<p>If both the client and server have only SSLv3 enabled then after upgrading to 12.4s the SSL connection will not establish, as mentioned this is because the ADX does not allow the use of the SSLv3 protocol. Should you need to troubleshoot this or another SSL issues the following commands can be used within <span class=\"codeinline\">rconsole virtual<\/span>.<\/p>\n<pre class=\"prettyprint\">show ssl statistics alert show ssl statistics counters show cp stat<\/pre>\n<h2>Appendix<\/h2>\n<p>The following versions provide the following features.<\/p>\n<ul>\n<li><strong>12.4u<\/strong> &#8211; Ability to disable\/enable ssl2\/ssl3 within the SSL Profile.<\/li>\n<li><strong>12.4v<\/strong> &#8211; Fixes CVE-2014-8730 (Poodle) for Web Management connections.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In order to mitigate the Poodle vulnerability on the Brocade ADX SSLv3 must be disabled. However this can only be achieved via the code release 12.4s, which disables SSLv3 completely. All code versions prior to this do not have any method or option to disable the SSLv3 protocol. HealthChecks On the ADX there are 2 &#8230; <a title=\"Mitigating Poodle on the Brocade ADX\" class=\"read-more\" href=\"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html\" aria-label=\"Read more about Mitigating Poodle on the Brocade ADX\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Mitigating Poodle on the Brocade ADX - Fir3net<\/title>\n<meta name=\"description\" content=\"In order to mitigate the Poodle vulnerability on the Brocade ADX SSLv3 must be disabled. However this can only be achieved via the code release 12.4s,\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mitigating Poodle on the Brocade ADX - Fir3net\" \/>\n<meta property=\"og:description\" content=\"In order to mitigate the Poodle vulnerability on the Brocade ADX SSLv3 must be disabled. However this can only be achieved via the code release 12.4s,\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html\" \/>\n<meta property=\"og:site_name\" content=\"Fir3net\" \/>\n<meta property=\"article:published_time\" content=\"2014-10-28T13:05:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-24T17:06:36+00:00\" \/>\n<meta name=\"author\" content=\"Rick Donato\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rick Donato\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html\"},\"author\":{\"name\":\"Rick Donato\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\"},\"headline\":\"Mitigating Poodle on the Brocade ADX\",\"datePublished\":\"2014-10-28T13:05:45+00:00\",\"dateModified\":\"2021-07-24T17:06:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html\"},\"wordCount\":250,\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"articleSection\":[\"Brocade Loadbalancers\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html\",\"url\":\"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html\",\"name\":\"Mitigating Poodle on the Brocade ADX - Fir3net\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/#website\"},\"datePublished\":\"2014-10-28T13:05:45+00:00\",\"dateModified\":\"2021-07-24T17:06:36+00:00\",\"description\":\"In order to mitigate the Poodle vulnerability on the Brocade ADX SSLv3 must be disabled. However this can only be achieved via the code release 12.4s,\",\"breadcrumb\":{\"@id\":\"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fir3net.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Networking\",\"item\":\"https:\/\/www.fir3net.com\/networking\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Loadbalancers\",\"item\":\"https:\/\/www.fir3net.com\/networking\/loadbalancers\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Brocade Loadbalancers\",\"item\":\"https:\/\/www.fir3net.com\/networking\/loadbalancers\/brocade\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Mitigating Poodle on the Brocade ADX\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fir3net.com\/#website\",\"url\":\"https:\/\/www.fir3net.com\/\",\"name\":\"Fir3net\",\"description\":\"Keeping you in the know\",\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fir3net.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.fir3net.com\/#organization\",\"name\":\"Fir3net\",\"url\":\"https:\/\/www.fir3net.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"width\":390,\"height\":88,\"caption\":\"Fir3net\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\",\"name\":\"Rick Donato\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"caption\":\"Rick Donato\"},\"description\":\"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mitigating Poodle on the Brocade ADX - Fir3net","description":"In order to mitigate the Poodle vulnerability on the Brocade ADX SSLv3 must be disabled. However this can only be achieved via the code release 12.4s,","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html","og_locale":"en_US","og_type":"article","og_title":"Mitigating Poodle on the Brocade ADX - Fir3net","og_description":"In order to mitigate the Poodle vulnerability on the Brocade ADX SSLv3 must be disabled. However this can only be achieved via the code release 12.4s,","og_url":"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html","og_site_name":"Fir3net","article_published_time":"2014-10-28T13:05:45+00:00","article_modified_time":"2021-07-24T17:06:36+00:00","author":"Rick Donato","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rick Donato","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html#article","isPartOf":{"@id":"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html"},"author":{"name":"Rick Donato","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037"},"headline":"Mitigating Poodle on the Brocade ADX","datePublished":"2014-10-28T13:05:45+00:00","dateModified":"2021-07-24T17:06:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html"},"wordCount":250,"publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"articleSection":["Brocade Loadbalancers"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html","url":"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html","name":"Mitigating Poodle on the Brocade ADX - Fir3net","isPartOf":{"@id":"https:\/\/www.fir3net.com\/#website"},"datePublished":"2014-10-28T13:05:45+00:00","dateModified":"2021-07-24T17:06:36+00:00","description":"In order to mitigate the Poodle vulnerability on the Brocade ADX SSLv3 must be disabled. However this can only be achieved via the code release 12.4s,","breadcrumb":{"@id":"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.fir3net.com\/Loadbalancers\/Brocade\/mitigating-poodle-on-the-brocade-adx.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fir3net.com\/"},{"@type":"ListItem","position":2,"name":"Networking","item":"https:\/\/www.fir3net.com\/networking"},{"@type":"ListItem","position":3,"name":"Loadbalancers","item":"https:\/\/www.fir3net.com\/networking\/loadbalancers"},{"@type":"ListItem","position":4,"name":"Brocade Loadbalancers","item":"https:\/\/www.fir3net.com\/networking\/loadbalancers\/brocade"},{"@type":"ListItem","position":5,"name":"Mitigating Poodle on the Brocade ADX"}]},{"@type":"WebSite","@id":"https:\/\/www.fir3net.com\/#website","url":"https:\/\/www.fir3net.com\/","name":"Fir3net","description":"Keeping you in the know","publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fir3net.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fir3net.com\/#organization","name":"Fir3net","url":"https:\/\/www.fir3net.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","width":390,"height":88,"caption":"Fir3net"},"image":{"@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037","name":"Rick Donato","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","caption":"Rick Donato"},"description":"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders."}]}},"_links":{"self":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/880"}],"collection":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/comments?post=880"}],"version-history":[{"count":0,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/880\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media?parent=880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/categories?post=880"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/tags?post=880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}