PSIRT Advisory

CVE-2014-8730 "Poodle for TLS" vulnerability

Impact

Secure Connection Hijacking

Affected Products

FortiOS

Solutions

The following IPS signature blocks any attack attempt:

TLS.Padding.Oracle.Information.Disclosure
It is available in IPS update 5.587.
FortiOS - As a workaround, disable hardware acceleration by applying the settings:
config system globalset virtual-server-hardware-acceleration disableend
Note: The performance impact may be significant.