db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mamta A. Satoor (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6764) analyze impact of poodle security alert on Derby client - server ssl support
Date Wed, 03 Dec 2014 19:24:13 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14233389#comment-14233389

Mamta A. Satoor commented on DERBY-6764:

Myrna, let me look into it. I see that we have jira DERBY-599‚Äč1(SSLTest timed out waiting
for network server to start) but that is intermittent and has not happened in a years time.
When I ran the tests on 10.8 codeline, I ran them with higher jdk. I will try IBM 1.4.2 and
see if I can repro the problem.

> analyze impact of poodle security alert on Derby client - server ssl support
> ----------------------------------------------------------------------------
>                 Key: DERBY-6764
>                 URL: https://issues.apache.org/jira/browse/DERBY-6764
>             Project: Derby
>          Issue Type: Task
>    Affects Versions:,,,,
>            Reporter: Myrna van Lunteren
>            Assignee: Mamta A. Satoor
>             Fix For:,,,,
>         Attachments: DERBY6764_10_8_backport_patch1_diff.txt, DERBY6764_backport10_11_patch1_diff.txt,
DERBY6764_patch1_diff.txt, DERBY6764_patch1_stat.txt
> Recently, a security weakness was found in SSLv3, POODLE: SSLv3 vulnerability (CVE-2014-3566)
> Derby supports ssl between the client and network server.
> We should investigate this and decide if we need to change our product, e.g. to eliminate
support for SSL in favor of its successor TLS.

This message was sent by Atlassian JIRA

View raw message