Disabling SSLv3.0 on LANCOM devices

Description:

This document describes how to disable the use of the SSLv3 protocol on LANCOM devices.

After deactivating SSLv3, by default only the protocol TLS remains active. The settings apply to both the HTTP server and the HTTP client in LCOS.

Information:

If you are operating configured LANCOM devices with LCOS firmware version 8.50 or later, to disable SSLv3 you have to upload the script file provided below into the LANCOM devices.
Since LCOS version 9.0 RU3 and also LCOS 8.84 RU4 (download), the SSLv3 protocol is disabled by default if a firmware update of LANCOM devices is performed on devices with the unconfigured factory settings.
- If you are updating configured LANCOM devices to the LCOS 9.0 RU3 or LOCS 8.84 RU4 or later, to disable SSLv3 you have to upload the script file provided below into the LANCOM devices.
For information about the vulnerability in the SSLv3 protocol (also known as the POODLE hack), see the National Institute of Standards and Technology homepage under publication number CVE-2014-3566.

Requirements:

LCOS as of version 8.50 (download latest version)
LANtools as of version 8.50 (download latest version)

Procedure:

For LCOS versions as of LCOS 10.30

Using LANconfig, upload the following script file to the LANCOM device (Configuration management → Restore script from file...).

sslv3-tlsv1-deaktivate_as_of_10.30.lcs

For LCOS versions as of LCOS 9.20

Using LANconfig, upload the following script file to the LANCOM device (Configuration management → Restore script from file...).

sslv3-tlsv1-deaktivate_until_10.20.lcs

For LCOS versions as of LCOS 9.0

Using LANconfig, upload the following script file to the LANCOM device (Configuration management → Restore script from file...).

set-tls-lcos900.lcs

For LCOS versions 8.50 & 8.84

Using LANconfig, upload the following script file to the LANCOM device ( Configuration management -> Restore script from file...).

set-tls-lcos850-884.lcs

Seitenhierarchie

Service & Support

Links