20141016 poodle fix for opendj - plembo/onemoretech GitHub Wiki

title: POODLE fix for OpenDJ
link: https://onemoretech.wordpress.com/2014/10/16/poodle-fix-for-opendj/
author: phil2nc
description:
post_id: 8687
created: 2014/10/16 14:41:12
created_gmt: 2014/10/16 18:41:12
comment_status: closed
post_name: poodle-fix-for-opendj
status: publish
post_type: post

POODLE fix for OpenDJ

Below is a simple bash script that applies the changes recommended in POODLE SSL Bug and OpenDJ: it restricts every TLS-capable OpenDJ component (the connection handlers, the crypto manager and the administration connector) to TLSv1 and higher, so SSLv3 is no longer offered.

```bash
#!/bin/bash
# Fix for POODLE vulnerability in OpenDJ
# Specifies SSL to be only TLSv1 and higher, not SSLv3
# Created by P Lembo on 2014/10/16

echo "OpenDJ POODLE Fix"
echo "Run this script as OpenDJ service owner!"

DSHOME=/data/app/opendj/ds-user1    # OpenDJ instance root (contains bin/dsconfig)
DSUSER=opendj                       # service account the script is meant to run as
USER_HOME=/data/app/opendj          # location of etc/pwd.txt, the bind password file
HANDLER_NAMES=('LDAPS Connection Handler' 'LDAP Connection Handler' 'HTTP Connection Handler')

# Every dsconfig call below talks to the administration port (5444 on this
# instance) using the password in pwd.txt; -X trusts the server certificate
# and -n runs non-interactively. Adding explicit ssl-protocol values replaces
# the JVM default set, which is what drops SSLv3.

# Connection Handlers
for i in "${HANDLER_NAMES[@]}"
do
    "${DSHOME}/bin/dsconfig" \
        set-connection-handler-prop \
        --handler-name "$i" \
        --add ssl-protocol:TLSv1 \
        --add ssl-protocol:TLSv1.1 \
        --add ssl-protocol:TLSv1.2 \
        -h localhost \
        -p 5444 \
        -j "${USER_HOME}/etc/pwd.txt" \
        -X -n
    echo "$i"
done

# Crypto Manager
"${DSHOME}/bin/dsconfig" \
    set-crypto-manager-prop \
    --add ssl-protocol:TLSv1 \
    --add ssl-protocol:TLSv1.1 \
    --add ssl-protocol:TLSv1.2 \
    -h localhost \
    -p 5444 \
    -j "${USER_HOME}/etc/pwd.txt" \
    -X -n
echo "Crypto Manager"

# Administration Connector
"${DSHOME}/bin/dsconfig" \
    set-administration-connector-prop \
    --add ssl-protocol:TLSv1 \
    --add ssl-protocol:TLSv1.1 \
    --add ssl-protocol:TLSv1.2 \
    -h localhost \
    -p 5444 \
    -j "${USER_HOME}/etc/pwd.txt" \
    -X -n
echo "Administration Connector"

echo "End of file"
```
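After applying the fix, the change should be verified rather than assumed. The following script is an added example, not part of the original post: it reads the `ssl-protocol` property back with `dsconfig get-*-prop` and fails if SSLv2/SSLv3 is still listed, if the list is empty (meaning the JVM defaults, which included SSLv3 on 2014-era JVMs, are still in effect), or if no TLS version is enabled. It reuses the instance root, administration port and password file from the script above; the parsing in `extract_protocols` assumes dsconfig's default table layout (`ssl-protocol : TLSv1, TLSv1.1, TLSv1.2`), which is an assumption to adjust if your version prints differently. The embedded sample output is constructed so the parsing can be exercised offline.

```shell
#!/bin/bash
# Added verification helper for the POODLE fix (not from the original post).
# Assumed values mirror the fix script: instance root, admin port 5444, pwd.txt.
DSHOME="${DSHOME:-/data/app/opendj/ds-user1}"
USER_HOME="${USER_HOME:-/data/app/opendj}"
ADMIN_PORT="${ADMIN_PORT:-5444}"

# protocol_list_ok LIST
# LIST is a comma/whitespace separated protocol list such as "TLSv1, TLSv1.1, TLSv1.2".
# Returns 0 when no SSLv2/SSLv3 is present and at least one TLS version is enabled.
# An empty list, or dsconfig's "-" placeholder, means "JVM defaults" and is treated
# as NOT hardened, because those defaults still offered SSLv3.
protocol_list_ok() {
    local list="$1" token tls_seen=0
    [ "$list" = "-" ] && list=""
    list=$(printf '%s' "$list" | tr ',' ' ')
    [ -z "$(printf '%s' "$list" | tr -d ' ')" ] && return 1
    for token in $list; do
        case "$token" in
            SSLv2|SSLv3) return 1 ;;
            TLSv1|TLSv1.[0-9]) tls_seen=1 ;;
        esac
    done
    [ "$tls_seen" -eq 1 ]
}

# extract_protocols TEXT
# Pulls the value column of the ssl-protocol row out of dsconfig get-*-prop output.
# Assumes the default table layout "ssl-protocol : <values>" (assumption).
extract_protocols() {
    printf '%s\n' "$1" | awk -F':' '
        $1 ~ /^[[:space:]]*ssl-protocol[[:space:]]*$/ {
            sub(/^[[:space:]]+/, "", $2); sub(/[[:space:]]+$/, "", $2); print $2
        }'
}

# check_component SUBCOMMAND [extra dsconfig args...]
# Read-only dsconfig call followed by the policy check. 0 = hardened, 1 = not,
# 2 = dsconfig itself failed (wrong port, password, or certificate).
check_component() {
    local subcmd="$1" out protos
    shift
    out=$("${DSHOME}/bin/dsconfig" "$subcmd" "$@" \
            --property ssl-protocol \
            -h localhost -p "${ADMIN_PORT}" \
            -j "${USER_HOME}/etc/pwd.txt" -X -n) || return 2
    protos=$(extract_protocols "$out")
    if protocol_list_ok "$protos"; then
        echo "OK   $subcmd $*: $protos"
    else
        echo "FAIL $subcmd $*: ${protos:-<JVM default>}"
        return 1
    fi
}

# Constructed sample of dsconfig output (not captured from a real server),
# used to exercise the parser without a running OpenDJ.
SAMPLE_OUTPUT='Property     : Value(s)
-------------:-----------------------
ssl-protocol : TLSv1, TLSv1.1, TLSv1.2'

# demo_offline: parses the constructed sample and applies the policy; returns 0.
demo_offline() {
    protocol_list_ok "$(extract_protocols "$SAMPLE_OUTPUT")"
}

# main: checks the same three component types the fix script changes.
main() {
    local rc=0
    check_component get-connection-handler-prop --handler-name "LDAPS Connection Handler" || rc=1
    check_component get-crypto-manager-prop || rc=1
    check_component get-administration-connector-prop || rc=1
    return $rc
}

# Run the live checks only when invoked as: ./check-poodle.sh --check
if [ "${1:-}" = "--check" ]; then
    main
fi
```

Run it with `--check` as the OpenDJ service owner after the fix script; a non-zero exit means at least one component still allows SSLv3 or is still on JVM defaults. The `LDAP Connection Handler` and `HTTP Connection Handler` can be added to `main` with the same `--handler-name` form if StartTLS or HTTPS is enabled on them.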

Copyright 2004-2019 Phil Lembo