You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Trang Vo (Jira)" <ji...@apache.org> on 2019/09/10 16:15:00 UTC
[jira] [Updated] (QPID-6490) Configure SSL ciphers
[ https://issues.apache.org/jira/browse/QPID-6490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Trang Vo updated QPID-6490:
---------------------------
Attachment: util.h
util.cpp
> Configure SSL ciphers
> ---------------------
>
> Key: QPID-6490
> URL: https://issues.apache.org/jira/browse/QPID-6490
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Affects Versions: 0.30
> Environment: Linux
> Reporter: Brant Knudson
> Priority: Major
> Labels: security
> Attachments: util.cpp, util.h
>
>
> qpid-cpp must allow an admin to set the SSL ciphers / protocols that they want the server to allow. The default should be ciphers / protocols that don't have known security vulnerabilities like SSLv3 (POODLE) and RC4 ciphers (Bar Mitzvah)
> With CVE-2015-2808 (a.k.a. Bar Mitzvah affecting RC4 ciphers) and other recent vulnerabilities found in different ciphers / protocols, we need to be able to disable ciphers / protocols easily.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org