You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "Dan Burkert (JIRA)" <ji...@apache.org> on 2017/10/16 23:30:00 UTC

[jira] [Updated] (KUDU-2190) webserver HTTPS/TLS cipher list is insecure on RHEL 6

     [ https://issues.apache.org/jira/browse/KUDU-2190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dan Burkert updated KUDU-2190:
------------------------------
    Status: In Review  (was: Open)

> webserver HTTPS/TLS cipher list is insecure on RHEL 6
> -----------------------------------------------------
>
>                 Key: KUDU-2190
>                 URL: https://issues.apache.org/jira/browse/KUDU-2190
>             Project: Kudu
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 1.5.0
>            Reporter: Dan Burkert
>            Priority: Blocker
>              Labels: security
>
> We aren't overriding the default cipher list for the webserver, so it's defaulting to the OpenSSL default cipher suite for the platform.  On RHEL 6, this suite contains 3DES, RC4 and other undesirables.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)