You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by Kenneth Giusti <kg...@apache.org> on 2014/10/15 22:22:57 UTC
Review Request 26773: Reject SSL connections that use SSLv3
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26773/
-----------------------------------------------------------
Review request for qpid and Rafael Schloming.
Bugs: PROTON-716
https://issues.apache.org/jira/browse/PROTON-716
Repository: qpid
Description
-------
Server-mode SSL connections allow clients using SSL version v3+. v3 is not secure, and should be rejected.
Diffs
-----
proton/trunk/proton-c/src/ssl/openssl.c 1632098
Diff: https://reviews.apache.org/r/26773/diff/
Testing
-------
Verified SSL traffic via wireshark. Tested clients attempting to connect with SSLv3 - the SSL negotiation fails with "bad version" error.
Thanks,
Kenneth Giusti
Re: Review Request 26773: Reject SSL connections that use SSLv3
Posted by Rafael Schloming <rh...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26773/#review56801
-----------------------------------------------------------
Ship it!
Ship It!
- Rafael Schloming
On Oct. 15, 2014, 8:22 p.m., Kenneth Giusti wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/26773/
> -----------------------------------------------------------
>
> (Updated Oct. 15, 2014, 8:22 p.m.)
>
>
> Review request for qpid and Rafael Schloming.
>
>
> Bugs: PROTON-716
> https://issues.apache.org/jira/browse/PROTON-716
>
>
> Repository: qpid
>
>
> Description
> -------
>
> Server-mode SSL connections allow clients using SSL version v3+. v3 is not secure, and should be rejected.
>
>
> Diffs
> -----
>
> proton/trunk/proton-c/src/ssl/openssl.c 1632098
>
> Diff: https://reviews.apache.org/r/26773/diff/
>
>
> Testing
> -------
>
> Verified SSL traffic via wireshark. Tested clients attempting to connect with SSLv3 - the SSL negotiation fails with "bad version" error.
>
>
> Thanks,
>
> Kenneth Giusti
>
>