Abhijit

This is all interesting information. As it happens, I've just tried the
SSL testing tool against unilever.onbmc.com
(https://www.ssllabs.com/ssltest/analyze.html?d=unilever.onbmc.com) and
I note:

"This server is vulnerable to the POODLE attack against TLS servers.
Patching required. Grade set to F."

I tried some other BMC OnDemand customers, i.e. Teleflex
(https://www.ssllabs.com/ssltest/analyze.html?d=teleflex.onbmc.com) and
Marks & Spencer, and note they are vulnerable too. In fact, I can't find
a customer that is running on a patched server.

Were you aware the BMC 'OnDemand' services have not been patched against
a security issue that's been well publicised for months?


John

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"
