POODLE SSLV3.0 Security Issue Workaround for License Server

POODLE SSLV3.0 Security Issue Workaround for License Server

book

Article ID: CTX200265

calendar_today

Updated On:

Description

Citrix Licensing 11.12.1 for Windows might be vulnerable to the Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability.  POODLE affects older standards of encryption - Secure Socket Layer (SSL) version 3 but not the newer encryption method Transport Layer Security (TLS). Citrix suggests the following workaround to mitigate a security issue.

Instructions

Configuration changes for the License Administration Console

  1. Go to the License Server installation location. For example,
    C:\Program Files (x86)\Citrix\Licensing\LS\Conf
  2. Open Server.xml in any editor and add the following attributes to the webserver element: 
    sslProtocol="-All +TLSv1"
The XML element will look like
<webserver … sslProtocol="-All +TLSv1">
  3. Restart the Citrix Licensing service.

Restart Citrix Licensing Service with Service Manager

  1. In the Run dialog box, type services.msc and click OK.
    OR
    Go to Control Panel > Administrative Tools > Services.
  2. Restart the Citrix Licensing service as shown below.
User-added image

Restart Citrix Licensing Service at a command prompt

  1. At the command prompt, type net stop “Citrix Licensing” and press Enter.
  2. After the service is stopped type net start “Citrix Licensing” and press Enter.
It will look like this:

User-added image

Configuration changes for the Citrix Web Services for Licensing web server

  1. Go to the License Server installation location. For example,
    C:\Program Files (x86)\Citrix\Licensing\\WebServicesForLicensing\Apache\Conf\extra
  2. Open httpd-ssl.conf in any editor and locate this line: 
    SSLProtocol ALL -SSLv2
  3. Change the line to: 
    SSLProtocol -ALL +TLSv1
  4. Restart the Citrix Web Services for Licensing service.

Restart Citrix Web Services for Licensing with Service Manager

  1. In the Run dialog box, type services.msc and click OK.
    OR
    Go to Control Panel > Administrative Tools > Services.
  2. Restart the Citrix Web Services for Licensing service as shown below.
User-added image

Restart Citrix Web Services for Licensing at a command prompt

  1. At the command prompt, type net stop “CitrixWebServicesForLicensing” and press Enter.
  2. After the service is stopped type net start “CitrixWebServicesForLicensing” and press Enter.
It will look like this:

User-added image

Issue/Introduction

POODLE: SSLv3 vulnerability (CVE-2014-3566)
Powered by Wolken Software