You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@accumulo.apache.org by "Bill Havanki (JIRA)" <ji...@apache.org> on 2014/11/12 23:26:34 UTC

[jira] [Comment Edited] (ACCUMULO-3317) Change Jetty configuration to disallow SSLv3

    [ https://issues.apache.org/jira/browse/ACCUMULO-3317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14208803#comment-14208803 ] 

Bill Havanki edited comment on ACCUMULO-3317 at 11/12/14 10:25 PM:
-------------------------------------------------------------------

Is this fix only on master so far?

Edit: Never mind, I forgot that the branching scheme had changed.


was (Author: bhavanki):
Is this fix only on master so far?

> Change Jetty configuration to disallow SSLv3
> --------------------------------------------
>
>                 Key: ACCUMULO-3317
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3317
>             Project: Accumulo
>          Issue Type: Sub-task
>          Components: monitor
>    Affects Versions: 1.5.0, 1.5.1, 1.5.2, 1.6.0, 1.6.1
>            Reporter: Sean Busbey
>            Assignee: Josh Elser
>            Priority: Blocker
>             Fix For: 1.5.3, 1.6.2, 1.7.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Any Jetty use should disallow SSLv3, e.g. the Monitor.
> Notes from thread:
> {quote}
> Jetty:
> http://stackoverflow.com/questions/26382540/how-to-disable-the-sslv3-protocol-in-jetty-to-prevent-poodle-attack
> {quote}
> Testing the monitor for SSLv3 downgrade, given host monitor.example.com on port 12345
> {{curl -vvv --sslv3 https://monitor.example.com:12345/}}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)