You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@accumulo.apache.org by "Sean Busbey (JIRA)" <ji...@apache.org> on 2014/11/07 19:19:33 UTC
[jira] [Created] (ACCUMULO-3317) Change Jetty configuration to
disallow SSLv3
Sean Busbey created ACCUMULO-3317:
-------------------------------------
Summary: Change Jetty configuration to disallow SSLv3
Key: ACCUMULO-3317
URL: https://issues.apache.org/jira/browse/ACCUMULO-3317
Project: Accumulo
Issue Type: Sub-task
Components: monitor
Affects Versions: 1.6.0, 1.5.0
Reporter: Sean Busbey
Assignee: Josh Elser
Priority: Blocker
Fix For: 1.5.3, 1.6.2, 1.7.0
Any Jetty use should disallow SSLv3, e.g. the Monitor.
Notes from thread:
{quote}
Jetty:
http://stackoverflow.com/questions/26382540/how-to-disable-the-sslv3-protocol-in-jetty-to-prevent-poodle-attack
{quote}
Testing the monitor for SSLv3 downgrade, given host monitor.example.com on port 12345
{{curl -vvv --sslv3 https://monitor.example.com:12345/}}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)