A vulnerability in the design of SSL version 3.0., Padding Oracle On Downgraded Legacy Encryption (POODLE), has been published today. (Oct. 14th ,2014, USA)
In Questetra system, usually, we use the TLS in encrypted communication, but it had been a state that communication using SSL 3.0 is also available from some clients. In consideration of the content, we have performed an emergency maintenance at 13:30, 15th (JST) without service stoppage.
All Users of Questetra BPM Suite SaaS Edition
Maintenance Date Time
Wed. Oct. 15th, 2014 13:30 (JST) [+09:00]
- Wed. Oct. 15th, 2014 04:30 (UTC)
- Wed. Oct. 14th, 2014 21:30 (PDT) [-07:00]
Questetra BPM Suite Version 9.9.5_20141015
Disabled SSL 3.0 in HTTPS communication.
There is a possibility that TLS is disabled in the security settings, when you are no longer able to access Questetra in spite of using the browser that listed in System Requirement. Please modify the setting so that TLS is available.
- e.g. Internet Explorer： [Internet Options] > [Advanced] > Check on TLS 1.0
(Details：Microsoft Security Advisory)
- This POODLE bites: exploiting the SSL 3.0 fallback (Google Online Security Blog)