db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mamta A. Satoor (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6764) analyze impact of poodle security alert on Derby client - server ssl support
Date Fri, 05 Dec 2014 05:54:13 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14235129#comment-14235129

Mamta A. Satoor commented on DERBY-6764:

I ran the SSLTest suite multiple times with IBM 1.4.2 on 10.8 and could not get the test to
fail. I also ran the entire junit suite and the tests didn't fail. I will make a dummy commit
into 10.8 so that the tests will fire again and see how the tests run with IBM 1.4.2 at http://people.apache.org/~myrnavl/derby_test_results/v10_8

> analyze impact of poodle security alert on Derby client - server ssl support
> ----------------------------------------------------------------------------
>                 Key: DERBY-6764
>                 URL: https://issues.apache.org/jira/browse/DERBY-6764
>             Project: Derby
>          Issue Type: Task
>    Affects Versions:,,,,
>            Reporter: Myrna van Lunteren
>            Assignee: Mamta A. Satoor
>             Fix For:,,,,
>         Attachments: DERBY6764_10_8_backport_patch1_diff.txt, DERBY6764_backport10_11_patch1_diff.txt,
DERBY6764_patch1_diff.txt, DERBY6764_patch1_stat.txt
> Recently, a security weakness was found in SSLv3, POODLE: SSLv3 vulnerability (CVE-2014-3566)
> Derby supports ssl between the client and network server.
> We should investigate this and decide if we need to change our product, e.g. to eliminate
support for SSL in favor of its successor TLS.

This message was sent by Atlassian JIRA

View raw message