Technical Support Bulletins

Technical Support Bulletin TSB 2015-216-A

Description: This bulletin provides information regarding the recently identified vulnerability in the SSL protocol documented by CVE-2014-3566. This vulnerability, commonly known as POODLE (Padded Oracle On Downgraded Legacy Encryption) is specific to SSL protocol 3.0, and takes advantage of the way blocks of data are encrypted in the Cipher Block Chaining (CBC) mode of block ciphers The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue Brocade FastIron devices support SSL 3.0 and are thus susceptible to this vulnerability. SSL 3.0 is used whenever OpenFlow or Web Management (https) is configured.
Release Date:
February 27, 2015
Edit Date:

Applicable To The Following Products

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.