Patch to address OpenSSL issue for proxy servers

book

Article ID: 160924

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

OpenSSL SSL/TLS clients and servers are being compromised by man-in-the-middle (MITM) attacks.  In this attack, a hacker can decrypt and modify traffic between vulnerable clients and servers.  OpenSSL clients are vulnerable in all versions of OpenSSL. Servers appear to be vulnerable to just OpenSSL 1.0.1 and 1.0.2-beta1.  This vulnerability affects Symantec Secure Email Proxy and Symantec Secure App Proxy.

For more information about this vulnerability, go to the following link: www.openssl.org/news/secadv_20140605.txt

Resolution

Apply a patch to your proxy:

 1. Download the file attached to this KB. 

The attached file is an ISO that contains a script.  The script detects App Proxy or Email Proxy installation, displays currently used versions of OpenSSL and the version to be applied, and prompts you to apply the patch.

2.   Mount the .iso.

3.   Type the following command:

       /apply.sh

 


Applies To

Symantec Secure Email Proxy server 4.4 and later

Symantec Secure App Proxy server 4.4 and later

Attachments

Proxy_x86_64_R4.40.openssl101h.patch.iso get_app