db-derby-dev mailing list archives

From "Mike Matrigali (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6764) analyze impact of poodle security alert on Derby client - server ssl support
Date Fri, 17 Oct 2014 17:35:34 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14175281#comment-14175281 ]

Mike Matrigali commented on DERBY-6764:
---------------------------------------

Thanks Rick for the program.  Here are the results for the IBM JVMs I have on my machine.
I do believe some of this may have changed with fix packs for the various JVMs, so best to
make sure you are running the latest of whatever JVM you are choosing.  For IBM JVMs, if you
are running the latest version of ibm15, ibm16, and/or ibm17 you are safe.  It looks like
ibm142 only included up to SSL v3, so running client or server with the ibm142 JVM is
vulnerable:
java version "1.4.2"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2)
Classic VM (build 1.4.2, J2RE 1.4.2 IBM Windows 32 build cn142ifx-20110211 (SR13 FP8+PM31983) (JIT enabled: jitc))
s1_ibm142:68>java SSLVersion
Supports protocol SSLv2
Supports protocol SSLv3
Supports protocol SSL

java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build pwi32devifx-20140415 (SR16 FP6 ))
IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Windows 7 x86-32 j9vmwi3223ifx-20140401 (JIT enabled)
Supports protocol SSLv3
Supports protocol TLS
Supports protocol TLSv1
Supports protocol SSL
Supports protocol SSL_TLS


java version "1.6.0"
Java(TM) SE Runtime Environment (build pwi3260sr16-20140418_01(SR16))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Windows 7 x86-32 jvmwi3260sr16-20140416_196573 (JIT enabled, AOT enabled)

Supports protocol SSLv3
Supports protocol TLSv1
Supports protocol TLSv1.1
Supports protocol TLSv1.2

java version "1.7.0"
Java(TM) SE Runtime Environment (build pwi3270sr7-20140410_01(SR7))
IBM J9 VM (build 2.6, JRE 1.7.0 Windows 7 x86-32 20140409_195732 (JIT enabled, AOT enabled)
Supports protocol SSLv3
Supports protocol TLSv1
Supports protocol TLSv1.1
Supports protocol TLSv1.2


> analyze impact of poodle security alert on Derby client - server ssl support
> ----------------------------------------------------------------------------
>
>                 Key: DERBY-6764
>                 URL: https://issues.apache.org/jira/browse/DERBY-6764
>             Project: Derby
>          Issue Type: Task
>            Reporter: Myrna van Lunteren
>
> Recently, a security weakness was found in SSLv3, POODLE: SSLv3 vulnerability (CVE-2014-3566)
> Derby supports ssl between the client and network server.
> We should investigate this and decide if we need to change our product, e.g. to eliminate support for SSL in favor of its successor TLS.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
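
The following is an added example, not part of the original message and not the SSLVersion program or Derby's own code: it lists the protocols the running JVM's default SSLContext supports and enables, then restricts a server socket to the TLS versions only, which is the kind of change the issue asks about. The class name TlsOnlyCheck and helper tlsOnly are hypothetical, and it assumes Java 6 or later (SSLContext.getDefault and SSLParameters).

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Hypothetical helper class for illustration; not Derby code.
public class TlsOnlyCheck {

    // Keep only concrete TLS versions (TLSv1, TLSv1.1, ...); this drops
    // SSLv3, SSLv2Hello and any other non-TLS protocol name.
    static String[] tlsOnly(String[] protocols) {
        List<String> keep = new ArrayList<String>();
        for (String p : protocols) {
            if (p.startsWith("TLSv")) {
                keep.add(p);
            }
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        String[] enabled = ctx.getDefaultSSLParameters().getProtocols();
        System.out.println("Supported:          " + Arrays.toString(supported));
        System.out.println("Enabled by default: " + Arrays.toString(enabled));

        String[] safe = tlsOnly(supported);
        if (safe.length == 0) {
            // The ibm142 case reported above: nothing newer than SSLv3.
            System.out.println("No TLS protocol available on this JVM");
            return;
        }

        // Port 0 picks any free port; the socket is opened only to show
        // the effective protocol list after the restriction is applied.
        SSLServerSocket server = (SSLServerSocket)
                ctx.getServerSocketFactory().createServerSocket(0);
        try {
            server.setEnabledProtocols(safe);
            System.out.println("Server socket now:  "
                    + Arrays.toString(server.getEnabledProtocols()));
        } finally {
            server.close();
        }
    }
}
```

The same setEnabledProtocols call exists on SSLSocket, so the client side of a connection can be restricted the same way.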
