3 Replies Latest reply on Oct 21, 2014 9:10 AM by Mark Francome

    AFT - SSL3.0 Poodle Vulnerability?

    Mark Francome
      Share This:

      Hi,

      I see that Control-M has no vulnerability to the latest SSL issue (i.e. "Poodle") but does anybody know if AFT connections that use "SSL implicit" are at risk from this? I use the following settings for connecting to a remote server (I'm in Europe, remote site is in North America) and have this defined on Host 2 in the AFT profile -

      ss2.bmp

      I would think that removing "SSL implicit" would help (that would make the initial connection go to port 21 before switching to SSL) or maybe increase the security level from "2" (which is "no certifiy").

       

      Obviuosly I'll have to get the remote site to agree to any changes so I want to know the exposure before I start raising this with them.

       

      regards,

       

      Mark.