accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (ACCUMULO-3318) Alter Thrift RPC components to disallow SSLv3
Date Sat, 08 Nov 2014 00:22:35 GMT

     [ https://issues.apache.org/jira/browse/ACCUMULO-3318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Josh Elser resolved ACCUMULO-3318.
----------------------------------
    Resolution: Fixed

Default to TLS for thrift RPC. Add a workaround for JDK 1.6. Verified using openssl's s_client.
Perform your own verification and let me know.

> Alter Thrift RPC components to disallow SSLv3
> ---------------------------------------------
>
>                 Key: ACCUMULO-3318
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3318
>             Project: Accumulo
>          Issue Type: Sub-task
>          Components: proxy, rpc
>    Affects Versions: 1.6.0
>            Reporter: Sean Busbey
>            Assignee: Josh Elser
>            Priority: Blocker
>             Fix For: 1.6.2, 1.7.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> All components that rely on Thrift's secure transport need be updated to disallow SSLv3.
> {quote}
> Thrift:
> http://stackoverflow.com/questions/26387099/securing-a-thrift-server-aginst-the-poodle-ssl-vulnerability
> {quote}
> {quote}
> The easy way to check this is simply to stand up a tserver and try
> connecting over SSLv3:
> openssl s_client -connect localhost:12345 -ssl3
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message