db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mamta A. Satoor (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6764) analyze impact of poodle security alert on Derby client - server ssl support
Date Wed, 05 Nov 2014 00:28:34 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14197210#comment-14197210
] 

Mamta A. Satoor commented on DERBY-6764:
----------------------------------------

I have been negligent with my checkin. Will fix the issue soon. As for using ArrayList, I
avoided using them because I think it will be a good fix to backport to earlier releases where
we may not have access to ArrayList. I could have used ArrayList here and change the code
to old fashion during the backport but chose to be consistent. Please let me know if we prefer
to use ArrayList on releases where they are available and then change the code for earlier
releases. Thanks

> analyze impact of poodle security alert on Derby client - server ssl support
> ----------------------------------------------------------------------------
>
>                 Key: DERBY-6764
>                 URL: https://issues.apache.org/jira/browse/DERBY-6764
>             Project: Derby
>          Issue Type: Task
>    Affects Versions: 10.12.0.0
>            Reporter: Myrna van Lunteren
>            Assignee: Mamta A. Satoor
>             Fix For: 10.12.0.0
>
>         Attachments: DERBY6764_patch1_diff.txt, DERBY6764_patch1_stat.txt
>
>
> Recently, a security weakness was found in SSLv3, POODLE: SSLv3 vulnerability (CVE-2014-3566)
> Derby supports ssl between the client and network server.
> We should investigate this and decide if we need to change our product, e.g. to eliminate
support for SSL in favor of its successor TLS.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message