Reputation: 91
WCF service and POODLE attacks
In my application I am using WCF services that use NetTcpBindings and are configured for both message and transport security (protection level set to EncryptAndSign). The services are hosted as Windows Services in the system.
As far as I understand the connection between the client and my service should be secured with SSL/TLS?
If this is the case can you tell me if there is a risk of the POODLE attack and how is the SSL 3.0 explicitly disabled for WCF services?
Upvotes: 2
Views: 577
Answers (1)
Reputation: 33538
The POODLE Vulnerability is only a threat if the attacker can control the stream from the client to the server and inject their own data while also acting as a Man In The Middle of the connection.
If your WCF service is server side, then it is not an issue.
However, if you still want to disable SSL and use TLS only, see here.
Upvotes: 2
Related Questions
- Is WCF affected by FREAK attack?
- How to Check if a WPF based Thick Client application uses Transport Layer Security(TLS) or not
- What version of SSL/TLS does System.Web.Services.Protocols.SoapHttpClientProtocol use?
- Securing WCF Services
- WCF - SSL Service
- WCF security issue
- SSL and WCF Transport Security
- using ssl in wcf service
- wcf net.tcp using SSL
- WCF security problem