Protect your server against the POODLE SSLv3 vulnerability

Our friends at Digital Ocean have published a great tutorial about how to protect against the new POODLE vulnerability in SSLv3:

On October 14th, 2014, a vulnerability in version 3 of the SSL encryption protocol was disclosed. This vulnerability, dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption), allows an attacker to read information encrypted with this version of the protocol in plain text using a man-in-the-middle attack.

This vulnerability affects every piece of software that can be coerced into communicating with SSLv3. This means that any software that implements a fallback mechanism that includes SSLv3 support is vulnerable and can be exploited.

Many of our users have added a web server to encrypt communication with OpenMRS. Please make sure that you are blocking the older SSLv3 (and v2) protocols to prevent any possible “man-in-the-middle” attacks.

Full HOWTO article:

If you have any questions about this vulnerability or want to discuss responding to it with others in the OpenMRS community, let us know here in this topic!