db-derby-dev mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6764) analyze impact of poodle security alert on Derby client - server ssl support
Date Tue, 04 Nov 2014 06:03:34 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14195758#comment-14195758 ]

ASF subversion and git services commented on DERBY-6764:
--------------------------------------------------------

Commit 1636509 from [~mamtas] in branch 'code/trunk'
[ https://svn.apache.org/r1636509 ]

DERBY-6764(analyze impact of poodle security alert on Derby client - server ssl support)

Removed SSLv3 and SSLv2Hello from list of enabled protocols on the client and server side
to avoid poodle security breach. Also, changed NaiveTrustManager to use TLS as the default
protocol rather than SSL. If NaiveTrustManager used SSL, then it won't find any enabled protocols
for SSL after the removal of SSLv3 and SSLv2Hello. Changing it to TLS makes TLS protocols
available for communication.

> analyze impact of poodle security alert on Derby client - server ssl support
> ----------------------------------------------------------------------------
>
>                 Key: DERBY-6764
>                 URL: https://issues.apache.org/jira/browse/DERBY-6764
>             Project: Derby
>          Issue Type: Task
>            Reporter: Myrna van Lunteren
>            Assignee: Mamta A. Satoor
>         Attachments: DERBY6764_patch1_diff.txt, DERBY6764_patch1_stat.txt
>
>
> Recently, a security weakness was found in SSLv3, POODLE: SSLv3 vulnerability (CVE-2014-3566)
> Derby supports ssl between the client and network server.
> We should investigate this and decide if we need to change our product, e.g. to eliminate
> support for SSL in favor of its successor TLS.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
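
The protocol filtering that the commit message describes, sketched with the standard JSSE API as an added example; it is not Derby's code and not part of the original message. The class name `PoodleSafeProtocols` and the helper `withoutSslv3` are hypothetical, and the `legacy` array is constructed sample input.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;

// Added illustration; class and method names are hypothetical, not Derby's.
public class PoodleSafeProtocols {

    // Return the given protocol names minus SSLv3 and SSLv2Hello.
    static String[] withoutSslv3(String[] enabled) {
        List<String> kept = new ArrayList<>();
        for (String p : enabled) {
            if (!p.equalsIgnoreCase("SSLv3") && !p.equalsIgnoreCase("SSLv2Hello")) {
                kept.add(p);
            }
        }
        if (kept.isEmpty()) {
            // Fail closed rather than hand an empty list to setEnabledProtocols.
            throw new IllegalStateException("no TLS protocol enabled");
        }
        return kept.toArray(new String[0]);
    }

    public static void main(String[] args) throws IOException, GeneralSecurityException {
        // Constructed input: a list that still contains the legacy names.
        String[] legacy = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.2"};
        System.out.println(Arrays.toString(withoutSslv3(legacy)));

        // Request a "TLS" context, then filter whatever the local JRE enables.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key and trust managers

        // Client side: unconnected socket, so nothing goes over the network.
        try (SSLSocket client = (SSLSocket) ctx.getSocketFactory().createSocket()) {
            client.setEnabledProtocols(withoutSslv3(client.getEnabledProtocols()));
            System.out.println("client: " + Arrays.toString(client.getEnabledProtocols()));
        }
        // Server side: port 0 binds an ephemeral port, closed on exit from the block.
        try (SSLServerSocket server =
                 (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
            server.setEnabledProtocols(withoutSslv3(server.getEnabledProtocols()));
            System.out.println("server: " + Arrays.toString(server.getEnabledProtocols()));
        }
    }
}
```

Filtering the list the runtime reports, rather than hard-coding TLS version names, keeps whatever TLS versions the local JRE supports enabled on both ends.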
