Checking SSL/TLS connectivity via openssl to verify Poodle Fix

You can use the commands below to check which protocols a particular website responds on. Recommended practice is to enable only TLS1_1 & TLS1_2 on your web/app server, as SSL3 & TLS1 are no longer considered secure due to various uncovered vulnerabilities.

    openssl s_client -connect <host>:<port> -<ssl3|ssl2|tls1|tls1_1|tls1_2>
    openssl s_client -connect localhost:8080 -ssl2

...

Running Middleware apps with non-root user on privileged ports < 1024 on Solaris

In Solaris 9 and above, non-root users can open ports < 1024 with the command below:

    # su -
    # /usr/sbin/usermod -K defaultpriv=basic,net_privaddr <userId>

This needs to be run only once, by the root user; after that, the user will be able to bind to any available port without restriction.

Heartbleed Bug affecting WebLogic, WebSphere, Apache & other middleware application / web servers?

We are all hearing various news about the Heartbleed Bug, so let’s see which of our middleware application servers are affected by it. Here is a brief review of the bug, CVE-2014-0160: “OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit ...

Configure Oracle HTTP Server in front of Oracle WebLogic Server