db-derby-dev mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6764) analyze impact of poodle security alert on Derby client - server ssl support
Date Thu, 11 Dec 2014 19:33:14 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14242998#comment-14242998 ]

ASF subversion and git services commented on DERBY-6764:
--------------------------------------------------------

Commit 1644731 from [~mamtas] in branch 'code/branches/10.8'
[ https://svn.apache.org/r1644731 ]

DERBY-6778 (SSL tests are failing on 10.8 codeline with IBM jdk 1.4.2 after poodle security backport)

In order to work around the IBM jdk 1.4.2 issue, we will bypass the poodle security code introduced
by DERBY-6764 for IBM jdk 1.4.2 in only the 10.8 codeline (since the failure is only with that
jdk). Jdk 1.4 is pretty old and hopefully we do not have anyone using that jdk anymore.

> analyze impact of poodle security alert on Derby client - server ssl support
> ----------------------------------------------------------------------------
>
>                 Key: DERBY-6764
>                 URL: https://issues.apache.org/jira/browse/DERBY-6764
>             Project: Derby
>          Issue Type: Task
>    Affects Versions: 10.8.3.0, 10.9.1.0, 10.10.2.0, 10.11.1.1, 10.12.0.0
>            Reporter: Myrna van Lunteren
>            Assignee: Mamta A. Satoor
>             Fix For: 10.8.3.3, 10.9.2.2, 10.10.2.1, 10.11.1.3, 10.12.0.0
>
>         Attachments: DERBY6764_10_8_backport_patch1_diff.txt, DERBY6764_backport10_11_patch1_diff.txt, DERBY6764_patch1_diff.txt, DERBY6764_patch1_stat.txt
>
>
> Recently, a security weakness was found in SSLv3, POODLE: SSLv3 vulnerability (CVE-2014-3566).
> Derby supports ssl between the client and network server.
> We should investigate this and decide if we need to change our product, e.g. to eliminate
> support for SSL in favor of its successor TLS.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
