karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Guillaume Nodet (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (KARAF-4457) OOB pax-web version does not allow black-listing protocols
Date Tue, 23 Aug 2016 07:55:20 GMT

     [ https://issues.apache.org/jira/browse/KARAF-4457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Guillaume Nodet resolved KARAF-4457.
------------------------------------
    Resolution: Not A Problem

Fixed in 3.0.x (?) when upgrading to a recent pax-web release.

> OOB pax-web version does not allow black-listing protocols
> ----------------------------------------------------------
>
>                 Key: KARAF-4457
>                 URL: https://issues.apache.org/jira/browse/KARAF-4457
>             Project: Karaf
>          Issue Type: Improvement
>          Components: karaf-core
>    Affects Versions: 3.0.6
>            Reporter: Ryan Goulding
>            Assignee: Jean-Baptiste Onofré
>
> Pax web prior to version 3.2.7 doesn't include functionality to blacklist certain SSL/TLS
protocols.  Pax-web 3.2.7 includes the capability to set excluded protocols through setting
the "org.ops4j.pax.web.ssl.protocols.excluded" in "org.ops4j.pax.web.cfg".  This is particularly
useful to disable weak/vulnerable protocols such as SSLv3 and TLS1.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message