Self-Solve Knowledge Search

Minimize Maximize
POODLE Vulnerability on SSLv3 fix causing the Vugen script's replay to fail
Title :
POODLE Vulnerability on SSLv3 fix causing the Vugen script's replay to fail
Document ID :
KM01211533
Product - Version:
performance center ; loadrunner ;
OS :
Updated :
Wed Oct 15 20:19:33 GMT 2014
Summary :
In order to fix the POODLE vulnerability it is necessary to use TLS instead. This causes the SSL handshake to fail the scripts

Further information about POODLE can be found in the following link:

http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html

Solution

Since the change in order to overcome this vulnerability is to use TLS instead of SSLv3, it is necessary to update the Vugen scripts to do so or a SSL handshake error will come up during replay.

The function web_set_sockets_option() should be added right before the first request against the application server like this code snippet:

Action()

{

      web_set_sockets_option("SSL_VERSION","TLS");

      [...]