LANCOM Support Knowledgebase Document No. 1410.1511.3308.RHOO - V1.90

Disabling SSLv3.0 on LANCOM devices



Description:

This document describes how to disable the use of the SSLv3 protocol on LANCOM devices.

After deactivating SSLv3, by default only the protocol TLS remains active. The settings apply to both the HTTP server and the HTTP client in LCOS.

Information:
  • If you are operating configured LANCOM devices with LCOS firmware version 8.50 or later, to disable SSLv3 you have to upload the script file provided below into the LANCOM devices.
  • Since LCOS version 9.0 RU3 and also LCOS 8.84 RU4 (download), the SSLv3 protocol is disabled by default if a firmware update of LANCOM devices is performed on devices with the unconfigured factory settings.
    • If you are updating configured LANCOM devices to the LCOS 9.0 RU3 or LOCS 8.84 RU4 or later, to disable SSLv3 you have to upload the script file provided below into the LANCOM devices.
  • For information about the vulnerability in the SSLv3 protocol (also known as the POODLE hack), see the National Institute of Standards and Technology homepage under publication number CVE-2014-3566.



Requirements:
  • LCOS version 8.50 and later (download)
  • LCMS version 8.50 and later (download)


Procedure:
    For LCOS versions as of LCOS 9.20

    1) Upload a script with LANconfig:

    1.1) Using LANconfig, upload the following script file to the LANCOM device (Configuration management -> Restore script from file...).

    set-tls-lcos-as-of-920.lcsset-tls-lcos-as-of-920.lcs



    For LCOS versions as of LCOS 9.0

    1) Upload a script with LANconfig:

    1.1) Using LANconfig, upload the following script file to the LANCOM device (Configuration management -> Restore script from file...).

    set-tls-lcos900.lcsset-tls-lcos900.lcs



    For LCOS versions 8.50 & 8.84

    1) Upload a script with LANconfig:

    1.1) Using LANconfig, upload the following script file to the LANCOM device (Configuration management -> Restore script from file...).

    set-tls-lcos850-884.lcsset-tls-lcos850-884.lcs

    Catchwords: SSLv3; SSL; disable; TLS
    Please review this document! This document was helpful This document was not helpful