You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Jeremiah Jordan (JIRA)" <ji...@apache.org> on 2014/11/06 16:36:33 UTC

[jira] [Commented] (CASSANDRA-8265) Disable SSLv3 for POODLE

    [ https://issues.apache.org/jira/browse/CASSANDRA-8265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14200335#comment-14200335 ] 

Jeremiah Jordan commented on CASSANDRA-8265:
--------------------------------------------

We already let people specify the "protocol" in cassandra.yaml to force TLS, but we default it to be commented out.  Should we default to having protocol uncommented?

> Disable SSLv3 for POODLE
> ------------------------
>
>                 Key: CASSANDRA-8265
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8265
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Jeremiah Jordan
>
> We should probably disable SSLv3.
> http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)