Showing posts from November, 2014

SSL Debugging in WSO2 ESB

Secure Sockets Layer (SSL) is the most widely used protocol for implementing cryptography on the Web. SSL provides a secure enhancement to the standard TCP/IP sockets protocol used for Internet communications. The secure sockets layer is added between the transport layer and the application layer in the standard TCP/IP protocol stack. SSL is used to transferring sensitive information over a network in safe manner. [1]

We have encountered many situations where we need to check which SSL version(s) are being used/supported by our ESB.  Recently I involved in a production issue in which an older version of our ESB was vulnerable to the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack[2][3] since it could NOT be configured to support newer SSL versions. Due to that limitation, it was supporting the default SSLv3 and TLSv1 versions where older SSLv3 protocol version is vulnerable to the POODLE attack. SSL is the precursor of the TLS protocol.

Communication using SSL begins with…