About the E4_3_5_TLSv12_3 Patch
This patch addresses the following issues:
- The SSL service no longer consumes excessive resources during high connection rate periods (MIRA-52365).
- Fixed a problem where attaching files to an email would fail occasionally (MIRA-55039).
- Vulnerability in SSLv3 (CVE-2014-3566) - Padding Oracle On Downgraded Legacy Encryption (POODLE) (MIRA-55087).
- TLSv1.1 and TLSv1.2 are available (MIRA-55089).
- Other SSL security fixes (MIRA-52259, MIRA-52439, MIRA-52621, MIRA-52869, MIRA-52870, MIRA-52877).
- OpenSSL version mismatch (MIRA-55313, MIRA-55355).
NOTE:
- This patch restarts all the services.
- The patch can be removed (uninstalled).
- Patch removal also restarts all the services.
- Any previous version of the patch should be removed if it exists on the system.
Installing the Patch
To install this patch:
- Use a telnet client to connect to the administration command-line
interface on port 23 on your Mirapoint appliance.
- Log in as an administrator.
- Issue the following command:
Version
If the result returned is 4.3.4 or 4.3.5, you can install this patch.
- Install the E4_3_5_TLSv12_3 patch using the following CLI command:
Update Install ftp://ftp.mirapoint.com/pub/updates/E4_3_5_TLSv12_3
- After installing the patch, perform the following CLI command:
SSL NEWCERT 127.0.0.1
Always check the system log after installing a patch regardless of whether
installation succeeds or fails.