14.4 Preventing POODLE Attack by Disabling SSLv3

If eDirectory uses the LDAPS protocol with SSLv3 for secure communication, be aware that SSLv3 is vulnerable to the POODLE attack (CVE-2014-3566).

By default, eDirectory runs in FIPS mode and does not allow communication over SSLv3. See Configuring eDirectory in FIPS Mode for more information. If you disable FIPS mode for TLS on your eDirectory server, you may want to disable SSLv3 for LDAP using the following procedure:

Workaround:

  1. Download and install the latest iManager plug-in for eDirectory from the NetIQ Downloads Web site.

  2. Launch iManager and click Roles and Tasks.

  3. Click LDAP > LDAP Options > View LDAP Server and select LDAP Server.

  4. Click the Connections tab.

  5. Enable the Disable SSLv3 option and click Apply.

    NOTE: In a non-English environment, you cannot access the Disable SSLv3 option. To access this option, change the preferred display language to English.

  6. Unload and load the LDAP Services for eDirectory.

    For more information, see Loading and Unloading LDAP Services for eDirectory.