You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2014/10/15 01:15:33 UTC

[jira] [Updated] (TS-3135) Disable SSLv3 by default

     [ https://issues.apache.org/jira/browse/TS-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom updated TS-3135:
------------------------------
    Issue Type: Improvement  (was: Bug)

> Disable SSLv3 by default
> ------------------------
>
>                 Key: TS-3135
>                 URL: https://issues.apache.org/jira/browse/TS-3135
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Security, SSL
>            Reporter: Leif Hedstrom
>            Assignee: Leif Hedstrom
>
> In response to
> http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
> we should consider changing the default in RecordsConfig.cc:
> {code}
> gmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
> index 0146cf9..2f78e31 100644
> --- a/mgmt/RecordsConfig.cc
> +++ b/mgmt/RecordsConfig.cc
> @@ -1224,7 +1224,7 @@ RecordElement RecordsConfig[] = {
>    ,
>    {RECT_CONFIG, "proxy.config.ssl.SSLv2", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
>    ,
> -  {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
> +  {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
>    ,
>    {RECT_CONFIG, "proxy.config.ssl.TLSv1", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
>    ,
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)