db-derby-dev mailing list archives

From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6764) analyze impact of poodle security alert on Derby client - server ssl support
Date Tue, 04 Nov 2014 22:59:34 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14197049#comment-14197049 ]

Knut Anders Hatlen commented on DERBY-6764:

I see that there are failures in the Oracle tests after the commit. I think that's because
of the inconsistency mentioned in my previous comment, which causes one of the elements in
the array to be null when two protocols have been removed.

java.lang.IllegalArgumentException: Protocol cannot be null
	at com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:116)
	at com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:38)
	at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.setEnabledProtocols(SSLServerSocketImpl.java:184)
	at org.apache.derby.impl.drda.NetworkServerControlImpl.createServerSocket(NetworkServerControlImpl.java:736)
	at org.apache.derby.impl.drda.NetworkServerControlImpl.access$000(NetworkServerControlImpl.java:93)
	at org.apache.derby.impl.drda.NetworkServerControlImpl$1.run(NetworkServerControlImpl.java:785)
	at org.apache.derby.impl.drda.NetworkServerControlImpl$1.run(NetworkServerControlImpl.java:782)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.apache.derby.impl.drda.NetworkServerControlImpl.blockingStart(NetworkServerControlImpl.java:781)
	at org.apache.derby.impl.drda.NetworkServerControlImpl.executeWork(NetworkServerControlImpl.java:2316)
	at org.apache.derby.drda.NetworkServerControl.main(NetworkServerControl.java:353)

> analyze impact of poodle security alert on Derby client - server ssl support
> ----------------------------------------------------------------------------
>                 Key: DERBY-6764
>                 URL: https://issues.apache.org/jira/browse/DERBY-6764
>             Project: Derby
>          Issue Type: Task
>    Affects Versions:
>            Reporter: Myrna van Lunteren
>            Assignee: Mamta A. Satoor
>             Fix For:
>         Attachments: DERBY6764_patch1_diff.txt, DERBY6764_patch1_stat.txt
> Recently, a security weakness was found in SSLv3, POODLE: SSLv3 vulnerability (CVE-2014-3566)
> Derby supports ssl between the client and network server.
> We should investigate this and decide if we need to change our product, e.g. to eliminate support for SSL in favor of its successor TLS.

This message was sent by Atlassian JIRA
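
The failure in the stack trace above (a null element reaching `setEnabledProtocols`) can be reproduced and avoided as in the following added example. It is not Derby's code or the DERBY-6764 patch; the class and method names are hypothetical, and it assumes the two removed protocols are `SSLv3` and `SSLv2Hello`, which the message does not name.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class EnabledProtocolFilter {
    // Assumption: the two protocols dropped for POODLE; the page does not name them.
    static final List<String> REMOVED = Arrays.asList("SSLv3", "SSLv2Hello");
    static boolean isRemoved(String protocol) {
        return REMOVED.stream().anyMatch(r -> r.equalsIgnoreCase(protocol));
    }
    // Hypothetical fragile version: the result is sized for one removal, so
    // removing two names leaves a null in the last slot.
    static String[] filterPresized(String[] supported) {
        String[] out = new String[supported.length - 1];
        int i = 0;
        for (String p : supported) {
            if (!isRemoved(p)) out[i++] = p;
        }
        return out;
    }

    // Collect survivors first, then size the array from what was actually kept.
    static String[] filterToList(String[] supported) {
        List<String> kept = new ArrayList<>();
        for (String p : supported) {
            if (p != null && !isRemoved(p)) kept.add(p);
        }
        return kept.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample of a JSSE supported-protocol list.
        String[] sample = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.2"};
        System.out.println("presized: " + Arrays.toString(filterPresized(sample)));
        System.out.println("list:     " + Arrays.toString(filterToList(sample)));
        try (SSLServerSocket s = (SSLServerSocket)
                SSLServerSocketFactory.getDefault().createServerSocket(0)) {
            // Apply the safe filter to what this JVM actually supports.
            s.setEnabledProtocols(filterToList(s.getSupportedProtocols()));
            System.out.println("enabled:  " + Arrays.toString(s.getEnabledProtocols()));
            try {
                s.setEnabledProtocols(filterPresized(sample)); // array ends in null
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Reading `getEnabledProtocols()` back after the call, as `main` does, is a quick check that neither removed protocol is still offered by the listening socket.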