SSL v3 "POODLE" Vulnerability

Impact Detail

An attack against the SSL version 3.0 protocol allows the plaintext ofsecure connections to be calculated by an attacker in a Man-in-the-Middle (MitM)position. SSLv3 was been replaced by TLS 15 years ago, however, before establishing asecure connection between a client and a server, a negotiation phase or"downgrade dance" takes place: the two decide on a secure protocol versionthat is compatible to both. During this phase, after all attempts to setup aTLS connection fail, the next protocol attempted is SSLv3. The downgrade, apart from being initiated by one of the parties, can also becaused by network glitches. Hence, if a Man-in-the-Middle can disrupt anyhandshakes for TLS protocols between the server and client, they caneventually be forced to settle on SSLv3.

Affected Products

FortiGate in its default configuration (GUI, and if enabled: VIP load-balance, SSL VPN, wanopt, SIP SSL)
FortiMail in its default configuration (HTTPS GUI and all mail ssl services: SMTPS, IMAPS, POP3S)
FortiAnalyzer and FortiManager < version 5.0.9 for branch 5.0.X and < version 5.2.1 for branch 5.2.X
FortiAnalyzer and FortiManager - version 5.0.9 and version 5.2.1 in their default configuration
FortiAuthenticator - version 3.0 only; 3.1 and 3.2 are not affected
FortiCache - version 2.2 and 2.3, plus version 3.0 only in its default configuration
FortiWeb < version 5.3.2 for branch 5.3.X and < version 5.2.4 for branch 5.2.X
FortiWeb - version 5.3.2 and 5.2.4 in their default configuration
FortiDDoS < version 4.1.3
FortiADC-D - All versions FortiADC-E - Cluster VIP (in its default configuration), and GUI, All versions
FortiClient - All versions
FortiVoice-Enterprise in its default configuration
FortiRecorder in its default configuration
FortiDB - All versions
FortiSwitchOS in its default configuration
FortiSwitch ATCA - All versions

Solutions

Although FortiGates, FortiMail, FortiCache and FortiSwitchOS are vulnerable in their default configuration, there is a CLI setting which disables SSLv3 (see settings details below). As of this writing, the only reported compatibility issue that may ensue is with Internet Explorer 6.
Thus a patch release will not be necessary for FortiGates, all versions (4.3.X, 5.0.X, 5.2.X), FortiMail (5.0.X and 5.2.X), FortiCache, FortiVoice-Enterprise, FortiRecorder and FortiSwitchOS.
The status of other products within the Fortinet family is being reviewed, and this advisory will be updated accordingly.
Alternatively, SSLv3 can be disabled in client browsers (refer to documentation for your browser, or to the FortiGuard FAQ on Poodle - see link in References below).
FortiOS - Apply the settings:
For the HTTPS GUI:
    config system global      set strong-crypto enable      end  

Other possibly enabled features:
For the VIP load-balance:
    config firewall vip       edit "your_vip"      set ssl-min-version tls-1.0      end  
For SSL VPN:
    config vpn ssl settings    set sslv3 disable  (enabled per default)    end
For wanopt:
    config wanopt ssl-server       edit <profile>      set ssl-min-version tls-1.0      end
For SIP SSL (not supported on low end units):
    config voip profile    edit <profile>        config sip    set ssl-mode full    set ssl-min-version tls-1.0
FortiMail - Apply the settings:
    config system global    set strong-crypto enable    end
FortiCache 3.0 - Apply the settings:
For the HTTPS GUI:
  config system global  set strong-crypto enable  end
For the HTTPS wan optimization:
    config wanopt ssl-server    edit <profile>      set ssl-min-version tls-1.0    end
FortiADC-E - Apply the settings:
For the Cluster VIP HTTPS:
System->Load Balance->Clusters->Security->SSL: Remove checkbox "Allow SSLv3"
FortiVoice-Enterprise - Apply the settings:
config system globalset strong-crypto enableend
FortiRecorder - Apply the settings:
config system globalset strong-crypto enableend
FortiSwitchOS - Apply the settings:
config system globalset strong-crypto enableend
FortiManager and FortiAnalyzer - Upgrade to 5.0.9 or 5.2.1 and apply the settings:
config system globalset ssl-protocol tlsv1end

FortiDDoS - Upgrade to 4.1.3
FortiWeb - Upgrade to 5.3.2 or 5.2.4 and apply the settings:
config system advancedset no-sslv3 enableendconfig system globalset no-sslv3 enableend