Skip to main content

Experience Management

Protect your GSA against an OpenSSL Vulnerability

You may have read recent media coverage about the SSL/TLS MITM vulnerability (CVE-2014-0224).  OpenSSL.org describes this vulnerability as follows:

An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.

 
Protect your GSA against an OpenSSL VulnerabilityAll versions of the Google Search Appliance (GSA), along with the offboard Connector Manager, are affected by CVE-2014-0224.
Fortunately, patches are available to protect Google Search Appliance versions 7.0 and 7.2:

  • GSA 7.2.0.G.230 (for current 7.2.x users)
  • GSA 7.0.14.G.226 (for current 7.0.x users)

These patches are easily installed using the GSA Version Manager on port  9941 (http) or 9942 (secure).  The patches, along with upgrade instructions, are available on the Google Enterprise Support Portal.
If you use an offboard Connector Manager, please be aware that Google is working on a patch for the Connector Manager.  In the meantime it is generally the best practice to keep your Connector Manager server behind your firewall, unexposed to Internet traffic. This precaution will help mitigate threats from external attackers.
We generally recommend keeping your appliances updated with current versions and patches. When possible, we recommend performing any GSA upgrade first on a development and/or test GSA prior to production deployment. This provides the opportunity to test that any customizations or integration points with other software are still functioning as expected.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Cody Coggins

More from this Author

Follow Us
TwitterLinkedinFacebookYoutubeInstagram