Mario Pio Russo
2015-Jul-08 14:01 UTC
[Samba] Samba 4 - disabling SSLv3 to mitigate POODLE effects
Thanks Kelvin I'm a bit confised tho, is this patch already avaiable? if yes, what is the parameter that disable ssl into the smb.conf? Maybe the guys from Enterprise samba have already included the patch into their releases so it's just a maatter of enabling the flag. I'm using sernet-samba-4.2.2 Thanks! ___________________________________________________________________________________________ Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 815 2236, eMail: mariopiorusso at ie.ibm.com IBM Ireland Product Distribution Limited registered in Ireland with number 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4 (Embedded image moved to file: pic57151.gif) From: "Kelvin Yip" <kelvin at icshk.com> To: <samba at lists.samba.org> Date: 08/07/2015 10:12 Subject: Re: [Samba] Samba 4 - disabling SSLv3 to mitigate POODLE effects Sent by: samba-bounces at lists.samba.org I have file a bug and modified the source code to make samba4 do not use SSLV3, but I am not able to make a patch to this. https://bugzilla.samba.org/show_bug.cgi?id=11076 -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Mario Pio Russo Sent: Wednesday, July 08, 2015 4:48 PM To: samba at lists.samba.org Subject: [Samba] Samba 4 - disabling SSLv3 to mitigate POODLE effects Good Day All Sorry if this is a repeated email, but I need some information about how to disable SSL on a Samba4.2.2 AD domain controller as the nessus scanner is reporting the POODLE vulnerability and we are not allowed to have any of that in our environment. the nessus scan reports poodle vulnerability on all these ports: 443, 636, 3269 I had a look at previous posts but couldn't find a definitive answer any help is highly appreciated. Thank you ____________________________________________________________________________ _______________ Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 815 2236, eMail: mariopiorusso at ie.ibm.com IBM Ireland Product Distribution Limited registered in Ireland with number 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4 (Embedded image moved to file: pic14574.gif) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Kelvin Yip
2015-Jul-09 01:29 UTC
[Samba] Samba 4 - disabling SSLv3 to mitigate POODLE effects
No patch available now. Download the source code and modified the source code yourself, and then compile it. -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Mario Pio Russo Sent: Wednesday, July 08, 2015 10:01 PM To: Kelvin Yip Cc: samba at lists.samba.org; samba-bounces at lists.samba.org Subject: Re: [Samba] Samba 4 - disabling SSLv3 to mitigate POODLE effects Thanks Kelvin I'm a bit confised tho, is this patch already avaiable? if yes, what is the parameter that disable ssl into the smb.conf? Maybe the guys from Enterprise samba have already included the patch into their releases so it's just a maatter of enabling the flag. I'm using sernet-samba-4.2.2 Thanks! ____________________________________________________________________________ _______________ Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 815 2236, eMail: mariopiorusso at ie.ibm.com IBM Ireland Product Distribution Limited registered in Ireland with number 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4 (Embedded image moved to file: pic57151.gif) From: "Kelvin Yip" <kelvin at icshk.com> To: <samba at lists.samba.org> Date: 08/07/2015 10:12 Subject: Re: [Samba] Samba 4 - disabling SSLv3 to mitigate POODLE effects Sent by: samba-bounces at lists.samba.org I have file a bug and modified the source code to make samba4 do not use SSLV3, but I am not able to make a patch to this. https://bugzilla.samba.org/show_bug.cgi?id=11076 -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Mario Pio Russo Sent: Wednesday, July 08, 2015 4:48 PM To: samba at lists.samba.org Subject: [Samba] Samba 4 - disabling SSLv3 to mitigate POODLE effects Good Day All Sorry if this is a repeated email, but I need some information about how to disable SSL on a Samba4.2.2 AD domain controller as the nessus scanner is reporting the POODLE vulnerability and we are not allowed to have any of that in our environment. the nessus scan reports poodle vulnerability on all these ports: 443, 636, 3269 I had a look at previous posts but couldn't find a definitive answer any help is highly appreciated. Thank you ____________________________________________________________________________ _______________ Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 815 2236, eMail: mariopiorusso at ie.ibm.com IBM Ireland Product Distribution Limited registered in Ireland with number 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4 (Embedded image moved to file: pic14574.gif) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Mario Pio Russo
2015-Jul-09 10:14 UTC
[Samba] Samba 4 - disabling SSLv3 to mitigate POODLE effects
Arg... that's a problem now.. we are not allowed to complie third party software in our dev enviroment, we are only allowed to use packages (that's why we use sernet-samba, which in fairness is great!). any plan to release a proper patch? ___________________________________________________________________________________________ Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 815 2236, eMail: mariopiorusso at ie.ibm.com IBM Ireland Product Distribution Limited registered in Ireland with number 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4 (Embedded image moved to file: pic12108.gif) From: "Kelvin Yip" <kelvin at icshk.com> To: Mario Pio Russo/Ireland/IBM at IBMIE Cc: samba at lists.samba.org, samba-bounces at lists.samba.org Date: 09/07/2015 02:55 Subject: Re: [Samba] Samba 4 - disabling SSLv3 to mitigate POODLE effects Sent by: "samba" <samba-bounces at lists.samba.org> No patch available now. Download the source code and modified the source code yourself, and then compile it. -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Mario Pio Russo Sent: Wednesday, July 08, 2015 10:01 PM To: Kelvin Yip Cc: samba at lists.samba.org; samba-bounces at lists.samba.org Subject: Re: [Samba] Samba 4 - disabling SSLv3 to mitigate POODLE effects Thanks Kelvin I'm a bit confised tho, is this patch already avaiable? if yes, what is the parameter that disable ssl into the smb.conf? Maybe the guys from Enterprise samba have already included the patch into their releases so it's just a maatter of enabling the flag. I'm using sernet-samba-4.2.2 Thanks! ____________________________________________________________________________ _______________ Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 815 2236, eMail: mariopiorusso at ie.ibm.com IBM Ireland Product Distribution Limited registered in Ireland with number 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4 (Embedded image moved to file: pic57151.gif) From: "Kelvin Yip" <kelvin at icshk.com> To: <samba at lists.samba.org> Date: 08/07/2015 10:12 Subject: Re: [Samba] Samba 4 - disabling SSLv3 to mitigate POODLE effects Sent by: samba-bounces at lists.samba.org I have file a bug and modified the source code to make samba4 do not use SSLV3, but I am not able to make a patch to this. https://bugzilla.samba.org/show_bug.cgi?id=11076 -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Mario Pio Russo Sent: Wednesday, July 08, 2015 4:48 PM To: samba at lists.samba.org Subject: [Samba] Samba 4 - disabling SSLv3 to mitigate POODLE effects Good Day All Sorry if this is a repeated email, but I need some information about how to disable SSL on a Samba4.2.2 AD domain controller as the nessus scanner is reporting the POODLE vulnerability and we are not allowed to have any of that in our environment. the nessus scan reports poodle vulnerability on all these ports: 443, 636, 3269 I had a look at previous posts but couldn't find a definitive answer any help is highly appreciated. Thank you ____________________________________________________________________________ _______________ Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1 815 2236, eMail: mariopiorusso at ie.ibm.com IBM Ireland Product Distribution Limited registered in Ireland with number 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4 (Embedded image moved to file: pic14574.gif) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Reasonably Related Threads
- Samba 4 - disabling SSLv3 to mitigate POODLE effects
- Samba 4 - disabling SSLv3 to mitigate POODLE effects
- Samba 4 - disabling SSLv3 to mitigate POODLE effects
- Samba 4 - disabling SSLv3 to mitigate POODLE effects
- Samba 4 - disabling SSLv3 to mitigate POODLE effects