To disable SSL v3 for hub-to-robot communications:

1. Open the hub GUI

2. From the main screen click the "Settings" button.

3. From the Advanced Settings window navigate to the SSL tab

4. Enter the following string for "Cipher Type":

    RC4-SHA

This will disable all POODLE-vulnerable ciphers.

Automated scanning tools may still report that SSLv3 is enabled - but the ciphers which specifically can be exploited by POODLE will be disabled, so the system will no longer be vulnerable to the exploit.

It is possible that some scanning tools may no longer report the vulnerability if you change the above to RC4-SHA1 instead of RC4-SHA, but our testing has shown that RC4-SHA is not actually vulnerable to POODLE.

To disable SSL v3 for hub-to-hub (tunnel) communications, take the following steps on all tunnel server hubs:

1. Open the hub GUI

2. Navigate to the "Tunnels" tab

3. Navigate to the "Server Configuration" tab

4. under the "Security Settings" section, choose the "Custom" radio button.

5. In the custom text box, enter the same string as above (RC4-SHA or RC4-SHA1).

IMPORTANT NOTE:  After making this change, you will need to re-create your tunnel client certificates and re-create your tunnel connections using these newly-generated certificates.

keywords: Robot version accepts SSLv3 connections connection ssl SSL v3 version 3 poodle vulnerability security concern concerns robot