2

In my application I am using WCF services that use NetTcpBindings and are configured for both message and transport security (protection level set to EncryptAndSign). The services are hosted as Windows Services in the system.

As far as I understand the connection between the client and my service should be secured with SSL/TLS?

If this is the case can you tell me if there is a risk of the POODLE attack and how is the SSL 3.0 explicitly disabled for WCF services?

mandjeo
  • 81
  • 1
  • 7

1 Answers1

2

The POODLE Vulnerability is only a threat if the attacker can control the stream from the client to the server and inject their own data while also acting as a Man In The Middle of the connection.

If your WCF service is server side, then it is not an issue.

However, if you still want to disable SSL and use TLS only, see here.

Community
  • 1
  • 1
SilverlightFox
  • 32,436
  • 11
  • 76
  • 145