accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Busbey (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ACCUMULO-3317) Change Jetty configuration to disallow SSLv3
Date Fri, 07 Nov 2014 18:19:33 GMT
Sean Busbey created ACCUMULO-3317:
-------------------------------------

             Summary: Change Jetty configuration to disallow SSLv3
                 Key: ACCUMULO-3317
                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3317
             Project: Accumulo
          Issue Type: Sub-task
          Components: monitor
    Affects Versions: 1.6.0, 1.5.0
            Reporter: Sean Busbey
            Assignee: Josh Elser
            Priority: Blocker
             Fix For: 1.5.3, 1.6.2, 1.7.0


Any Jetty use should disallow SSLv3, e.g. the Monitor.

Notes from thread:

{quote}
Jetty:
http://stackoverflow.com/questions/26382540/how-to-disable-the-sslv3-protocol-in-jetty-to-prevent-poodle-attack
{quote}

Testing the monitor for SSLv3 downgrade, given host monitor.example.com on port 12345

{{curl -vvv --sslv3 https://monitor.example.com:12345/}}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message