You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2014/10/15 01:15:33 UTC
[jira] [Updated] (TS-3135) Disable SSLv3 by default
[ https://issues.apache.org/jira/browse/TS-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-3135:
------------------------------
Issue Type: Improvement (was: Bug)
> Disable SSLv3 by default
> ------------------------
>
> Key: TS-3135
> URL: https://issues.apache.org/jira/browse/TS-3135
> Project: Traffic Server
> Issue Type: Improvement
> Components: Security, SSL
> Reporter: Leif Hedstrom
> Assignee: Leif Hedstrom
>
> In response to
> http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
> we should consider changing the default in RecordsConfig.cc:
> {code}
> gmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
> index 0146cf9..2f78e31 100644
> --- a/mgmt/RecordsConfig.cc
> +++ b/mgmt/RecordsConfig.cc
> @@ -1224,7 +1224,7 @@ RecordElement RecordsConfig[] = {
> ,
> {RECT_CONFIG, "proxy.config.ssl.SSLv2", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
> ,
> - {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
> + {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
> ,
> {RECT_CONFIG, "proxy.config.ssl.TLSv1", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
> ,
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)