Hi all,
Is the implementation of TLS by JBoss affected by "CVE-2014-8730 TLS 1.x padding vulnerability"?
I am using JBoss AS 7 for Windows in my application which with JDK 6. We are not sure that our product is vulnerable to TLS 1.x padding or not.
Please see the following links for more details about this vulnerability:
https://www.imperialviolet.org/2014/12/08/poodleagain.html
https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html
https://www.a10networks.com/support/advisories/A10-RapidResponse_CVE-2014-8730.pdf
https://devcentral.f5.com/articles/cve-2014-8730-padding-issue-8151
Is there any confirmation from JBoss that native JSEE and OpenSSL impementation of TLS is not affected by this vulnerability?
I appreciate for your help in this regard.
Thanks,
Sivasankar