[70072 Open] Does POODLE affect RemObjects servers?

I use the RemObjects SDK to provide an https / SSL server service for my applications. I updated the OpenSSL DLLs after Heartbleed, but from the information I have read, it looks like servers should disable SSL3 and only allow TLSx protocols. Does anyone know what steps are needed to secure the RemObjects servers?

Thanks, Matthew

Hello

Please take a look at this blogpost:
http://blogs.remobjects.com/blogs/mh/2014/04/14/p6754

Regards

Thanks, but that doesn’t answer the question. Well, I suppose it says that yes, my code may be affected due to Indy. And since TIdServerIOHandlerSSLOpenSSL is Indy, and not RemObjects code, that’s the place to go ask. Will do.

The best option is to disable the SSLv3 support right away (on the openssl handler), and ask on the Indy forums if that’s enough, it should be according to the articles I read on this issue but I’m no security expert.

I asked on the embacadero delphi third party forum, and the latest Indy supports the three TLS options (which the XE2 Indy doesn’t). That’s the place to take this.

Okay, I updated to the latest Indy, and while it wasn’t easy, the information on how to make it work is out there. Not sure I’d recommend it to anyone who isn’t very familiar with Delphi and packages and all that sort of thing. Even RemObjects SDK needs a custom build after the installer fails (which it does so silently). It would be really nice to have a way to pause the install, allow me to hack the Indy compatibility flag, and then continue. Or perhaps better still, have an option in the installer to indicate I want custom Indy and it could make the change for me. But working, so that’s good.

Thanks, logged as bugs://70072: Improve custom Indy support by the RO SDK installer