Is anyone able to comment on whether Servoy with its diverse range of networking capabilities is totally shielded from the POODLE SSLv3 vulnerability on the Internet, or is Servoy vulnerable if particular networking settings are in operation? I guess the answer lies in the fallback limitations (if any) configured in the server, of which there will be many flavours. Any evidence and views?
Hi Richard,
The POODLE vulnerability is not easy to exploit. I heard so far only one scenario and that is when users are using public WiFi.
Do your users use public hotspots ?
Hi Robert
Good point. In general the users do not use public WiFi. However, it would make sense for me to warn users not to do so.
in WAR deployment this is purely the containers configuration.
In an default application server install you should just tweak the tomcat configuration to allow only specific stuff on the https connector.