Information

Title	ACTION REQUIRED: TLS & SHA-2 support in OpenEdge 10.2B

URL Name	ACTION-REQUIRED-TLS-SHA-2-support-in-OpenEdge-10-2B

Article Number	000189648

Information

Padding Oracle On Downgraded Legacy Encryption (POODLE) is a vulnerability that was identified in late 2014 that can affect secure communications making use of the Secure Socket Layer (SSL) 3.0 protocol. Newer releases of secure communication protocols, including Transport Layer Security (TLS) 1.0, TLS 1.1 and TLS 1.2, are increasingly less susceptible. An OpenEdge application is vulnerable to POODLE attacks if it establishes secure communications over SSL 3.0.

OpenEdge hot fix 10.2B0848 provides the capability to manually configure each OpenEdge component individually to communicate over TLS 1.0 (versus the default SSL 3.0 protocol).

In addition, this hot fix supports Secure Hash Algorithm 2 (SHA-2). SHA-2 consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.

For further details, please reference the whitepaper "Addressing POODLE vulnerability and SHA2 support in Progress OpenEdge 10.2B08" on Progress Community.

Additional Information

Environment

Last Modified Date	12/7/2015 4:44 PM

Disclaimer	The origins of the information on this site may be internal or external to Progress Software Corporation (“Progress”). Progress Software Corporation makes all reasonable efforts to verify this information. However, the information provided is for your information only. Progress Software Corporation makes no explicit or implied claims to the validity of this information. Any sample code provided on this site is not supported under any Progress support program or service. The sample code is provided on an "AS IS" basis. Progress makes no warranties, express or implied, and disclaims all implied warranties including, without limitation, the implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample code is borne by the user. In no event shall Progress, its employees, or anyone else involved in the creation, production, or delivery of the code be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample code, even if Progress has been advised of the possibility of such damages.

Disclaimer

The origins of the information on this site may be internal or external to Progress Software Corporation (“Progress”). Progress Software Corporation makes all reasonable efforts to verify this information. However, the information provided is for your information only. Progress Software Corporation makes no explicit or implied claims to the validity of this information.

Any sample code provided on this site is not supported under any Progress support program or service. The sample code is provided on an "AS IS" basis. Progress makes no warranties, express or implied, and disclaims all implied warranties including, without limitation, the implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample code is borne by the user. In no event shall Progress, its employees, or anyone else involved in the creation, production, or delivery of the code be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample code, even if Progress has been advised of the possibility of such damages.

Defect Number

ACTION REQUIRED: TLS & SHA-2 support in OpenEdge 10.2B

Information