All Collections
Fix a Problem
Patching iRise Definition Center for the SSLv3 "Poodle" Security Vulnerability (CVE-2014-3566).
Patching iRise Definition Center for the SSLv3 "Poodle" Security Vulnerability (CVE-2014-3566).
This article explains and addresses the SSLv3 "Poodle" Security Vulnerability (CVE-2014-3566) in Definition Center.
Jamie Gutierrez avatar
Written by Jamie Gutierrez
Updated over a week ago

Poodle Security Vulnerability (CVE-2014-3566)

As you have most likely already heard, news sources, corporations and the OpenSSL team reported 14 October 2014 that version 3 of Secure Sockets Layer (SSLv3) is insecure. This vulnerability makes it possible for hackers to hijack a victim’s browsing session.

Patching iRise Definition Center

iRise recommends that this vulnerability be fixed ASAP. To fix this issue, it is necessary to add the following line to iRise/DefCenter/Tomcat/conf/server.xml, in the Connector element:

 sslEnabledProtocols ="TLSv1,TLSv1.1,TLSv1.2"

You can make the change to the file while your Definition Center is running, but to enable the change you will need to stop and start the iRise Definition Center service.

Additional Information

If you are not already running your Definition Center using TLS (Transport Layer Security - https) we strongly recommend you follow the steps in this article to do so. Also, use the article to ensure you are adding the above code change to the correct connector item in your server.xml file.

Did this answer your question?