You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Jeremiah Jordan (JIRA)" <ji...@apache.org> on 2014/11/06 16:36:33 UTC
[jira] [Commented] (CASSANDRA-8265) Disable SSLv3 for POODLE
[ https://issues.apache.org/jira/browse/CASSANDRA-8265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14200335#comment-14200335 ]
Jeremiah Jordan commented on CASSANDRA-8265:
--------------------------------------------
We already let people specify the "protocol" in cassandra.yaml to force TLS, but we default it to be commented out. Should we default to having protocol uncommented?
> Disable SSLv3 for POODLE
> ------------------------
>
> Key: CASSANDRA-8265
> URL: https://issues.apache.org/jira/browse/CASSANDRA-8265
> Project: Cassandra
> Issue Type: Bug
> Reporter: Jeremiah Jordan
>
> We should probably disable SSLv3.
> http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)