ofbiz-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-5848) Poodle-disable sslv3
Date Thu, 13 Nov 2014 16:57:34 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14210008#comment-14210008
] 

Jacques Le Roux commented on OFBIZ-5848:
----------------------------------------

No, sequence of operations:
# svn up
# ant clean-all load-demo run-tests fails
# ant clean-all load-demo run-tests succeed
# svn up already up to date

That's why I spoke about Einstein. It's not the 1st time this happens to me on Windows. Tha'ts
also why I retried. I guess the less speed process made the difference.

BTW I just tried again at normal priority with success. So It's ok with me and I will not
try more ;)

> Poodle-disable sslv3
> --------------------
>
>                 Key: OFBIZ-5848
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5848
>             Project: OFBiz
>          Issue Type: Bug
>    Affects Versions: Trunk
>         Environment: unix
>            Reporter: Poodle Fixer
>            Assignee: Jacques Le Roux
>            Priority: Critical
>              Labels: patch, security
>             Fix For: Upcoming Branch, 12.04.06, 13.07.02
>
>         Attachments: OFBIZ-5848-java17-12.04.patch, OFBIZ-5848-java17-12.04.patch
>
>
> {panel:title= WARNING ABOUT THE FIX|bgColor=red}
> *We will certainly have to evolve this in the future because this correction forces the
protocol to TLSv1.2*
> {panel}
> [~jacques.le.roux]: I have put a reminder for myself to follow the status of the Poodle
issue in Tomcat
> ----
> Hi there-- 
> This topic seemed relevant because it is a major security issue that recently came up
and will affect many ecommerce sites for ofbiz. 
> I am in process of trying to disable sslv3 on our version of of 
> ofbiz uses tomcat 6. 
> This is to eliminate the security vulnerability from poodle bleed. 
> http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed
> We have tried updating the of ofbiz-containers.xml file like below, but it 
> did not disable sslv3. Poodle is still there. 
> I have also seen fixes that update server.xml with something similar. 
> <property name="sslProtocol" value="TLS"/>  
> <property name="sslEnabledProtocols" value="TLSv1"/>  
> Has anyone else had luck fixing the poodle issue on Apache ofbiz? 
> Or in any of biz products… where is the best place to fix this in of biz??
> Thanks! 
> The Poodle fixer :)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message