You may have read recent media coverage about the OpenSSL SSL/TLS man-in-the-middle vulnerability CVE-2014-0224 (widely referred to as the ChangeCipherSpec, or CCS, injection flaw). OpenSSL.org describes this vulnerability as follows:
An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.
All versions of the Google Search Appliance (GSA), along with the offboard Connector Manager, are affected by CVE-2014-0224.
Fortunately, patches are available to protect Google Search Appliance versions 7.0 and 7.2:
- GSA 7.2.0.G.230 (for current 7.2.x users)
- GSA 7.0.14.G.226 (for current 7.0.x users)
These patches are installed through the GSA Version Manager, which is reachable on port 9941 (HTTP) or 9942 (HTTPS). The patches, along with upgrade instructions, are available on the Google Enterprise Support Portal.
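Once the patch is installed, it is worth confirming that the appliance no longer accepts the crafted handshake described above. The following script is an added example written for this page; it is not Google's code and not part of the GSA or its patches. It reproduces the publicly documented CCS-injection check: it completes the server's first flight of a TLS 1.0 handshake, then sends a ChangeCipherSpec before any ClientKeyExchange. A server running patched OpenSSL rejects that record with a fatal unexpected_message alert; an unpatched one accepts it and switches to keys derived from an empty master secret, so a second plaintext CCS then fails the MAC check and draws a bad_record_mac (or decryption_failed) alert. The host and port arguments, the five-second timeout, the three offered cipher suites and the verdict strings are this example's own assumptions, and the sample replies in `demo()` are constructed, not captured from any appliance.

```python
"""Probe a TLS server for the early-ChangeCipherSpec flaw (CVE-2014-0224).
Added example, not Google or OpenSSL code; verdict strings, timeout and the
offered cipher suites are this example's own assumptions."""
import os
import socket
import struct
import sys

TLS_VERSION = b"\x03\x01"                       # TLS 1.0 on the wire; accepted by 2014-era stacks
REC_CCS, REC_ALERT, REC_HANDSHAKE = 0x14, 0x15, 0x16
HS_CLIENT_HELLO, HS_SERVER_HELLO_DONE = 0x01, 0x0E
ALERT_UNEXPECTED_MESSAGE, ALERT_BAD_RECORD_MAC, ALERT_DECRYPTION_FAILED = 10, 20, 21

def build_client_hello(cipher_suites=(0x002F, 0x0035, 0x000A), client_random=None):
    """Return a minimal TLS 1.0 ClientHello record (no extensions, null compression)."""
    client_random = os.urandom(32) if client_random is None else client_random
    suites = b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body = (TLS_VERSION + client_random + b"\x00"           # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                                  # one compression method: null
    handshake = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([REC_HANDSHAKE]) + TLS_VERSION + struct.pack("!H", len(handshake)) + handshake

def build_ccs():
    """A ChangeCipherSpec record; sent before ClientKeyExchange it is the crafted handshake step."""
    return bytes([REC_CCS]) + TLS_VERSION + b"\x00\x01\x01"

def alert_record(level, description):
    """Build an alert record; used only to construct sample server replies for the offline demo."""
    return bytes([REC_ALERT]) + TLS_VERSION + b"\x00\x02" + bytes([level, description])

def parse_records(data):
    """Split raw bytes into complete (content_type, payload) records; a trailing partial is dropped."""
    records, off = [], 0
    while off + 5 <= len(data):
        length = struct.unpack("!H", data[off + 3:off + 5])[0]
        if off + 5 + length > len(data):
            break
        records.append((data[off], data[off + 5:off + 5 + length]))
        off += 5 + length
    return records

def handshake_types(records):
    """Reassemble handshake payloads (one message may span records) and list the message types."""
    stream = b"".join(payload for ctype, payload in records if ctype == REC_HANDSHAKE)
    types, off = [], 0
    while off + 4 <= len(stream):
        mlen = int.from_bytes(stream[off + 1:off + 4], "big")
        if off + 4 + mlen > len(stream):
            break
        types.append(stream[off])
        off += 4 + mlen
    return types

def alert_descriptions(data):       # alert description codes found in a reply buffer
    return [p[1] for t, p in parse_records(data) if t == REC_ALERT and len(p) >= 2]

def classify(reply_to_first_ccs, reply_to_second_ccs):
    """Turn the server's reactions to two early, unencrypted CCS records into a verdict."""
    if ALERT_UNEXPECTED_MESSAGE in alert_descriptions(reply_to_first_ccs):
        return "not vulnerable"   # early CCS rejected, as patched OpenSSL does
    seen = alert_descriptions(reply_to_first_ccs) + alert_descriptions(reply_to_second_ccs)
    if ALERT_BAD_RECORD_MAC in seen or ALERT_DECRYPTION_FAILED in seen:
        return "vulnerable"       # CCS accepted: server moved to weak keys, plaintext failed its MAC
    return "inconclusive"         # silence, plain close, or a non-OpenSSL stack

def _recv(sock):
    try:
        return sock.recv(16384)
    except OSError:               # timeout (an OSError subclass) or reset counts as silence
        return b""

def probe(host, port=443, timeout=5.0):
    """Run the check against a live server. Use only on systems you are authorised to test."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_client_hello())
            buf = b""
            while HS_SERVER_HELLO_DONE not in handshake_types(parse_records(buf)):
                more = _recv(sock)                  # read until the server's first flight is complete
                if not more or alert_descriptions(buf + more):
                    return "no TLS handshake"
                buf += more
            sock.sendall(build_ccs())
            first, second = _recv(sock), b""
            if not alert_descriptions(first):       # server stayed quiet: send a second plaintext CCS
                sock.sendall(build_ccs())
                second = _recv(sock)
    except OSError:
        return "connection error"
    return classify(first, second)

def demo():
    """Offline run over constructed sample replies (not captured from any real appliance)."""
    patched = alert_record(2, ALERT_UNEXPECTED_MESSAGE)
    weak_keys = alert_record(2, ALERT_BAD_RECORD_MAC)
    return {"patched": classify(patched, b""), "vulnerable": classify(b"", weak_keys),
            "silent": classify(b"", b"")}

if __name__ == "__main__":
    print(probe(sys.argv[1], int(sys.argv[2])) if len(sys.argv) > 2 else demo())
```

Run it as `python ccs_probe.py <gsa-host> 443` (or against the Version Manager's HTTPS port, 9942) before and after applying the patch; the verdict should move from "vulnerable" to "not vulnerable". An "inconclusive" result means the endpoint neither rejected the early CCS with unexpected_message nor produced a MAC failure afterwards, which happens with stacks that simply close the connection, so treat it as a prompt to inspect the endpoint rather than as a pass.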
If you use an offboard Connector Manager, please be aware that Google is working on a patch for the Connector Manager. In the meantime, keep the Connector Manager server behind your firewall and unexposed to Internet traffic; this is the best practice in any case. Bear in mind what that precaution does and does not cover: it limits exposure to external attackers, but exploiting CVE-2014-0224 requires an active man-in-the-middle position on the network path between a vulnerable client and a vulnerable server, so an attacker already inside the network could still intercept Connector Manager traffic until the patch is applied. Because the attack needs both endpoints to be unpatched, applying the GSA patch promptly also protects the Connector Manager's connections to the appliance.
We generally recommend keeping your appliances current with released versions and patches. When possible, perform any GSA upgrade first on a development or test GSA before deploying it to production. This gives you the opportunity to confirm that customizations and integration points with other software still function as expected.