Blade ZipKit - Poodle SSLv3 Check

Version 11

    Blade ZipKit – Poodle SSLv3



    Blade ZipKit Package Info

    Name: Poodle SSLv3 Check

    Type:Component Template

    BSA Compatible Version: 8.5.x

    Version: 1.0

    More Info:

    Created by: Bill Robinson

    Tested version on:

    Tested against host running: Windows, RedHat

    This Component Template checks for running services advertising SSLv3. Also for Linux there is a check for the updated version of the openssl rpm and on Windows for the registry key described here:


    Instructions for importing the Component Template

    1. Download the attached zip
    2. Extract the zip file.
    3. Import the ‘Poodle -’ using the Version Neutral Content Import
    4. Copy the ‘’ and ‘poodle.nsh’ to the ‘extended_objects’ folder on your BSA File Server
    5. Edit the Component Template and replace blfileserver and associated path in the Extended Object definition with the path to the zip and nsh script in your environment.
    6. Create and run a Component Discovery Job for the template.
    7. Create Compliance Job for the template, check the ‘Continue on Compliance Errors’ option. 

    The check works by listing all open ports on the system and checking each with the openssl client to see if SSLv3 is advertised.  On Linux openssl should be on the system, for Windows an openssl binary is copied to the target and then removed after the check is complete. 


    Remediation can be associated with the Windows Registry Check by creating a blpackage out of The following MSI:, however remediation for any other detected services it is unlikely remediation can be automated as each application will have different instructions on how to remediate.  This check will list the path to the vulnerable binary for easier identification of what needs to be remediated.