You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2014/10/15 19:31:34 UTC
[jira] [Created] (TS-3136) Change default TLS cipher suites
Leif Hedstrom created TS-3136:
---------------------------------
Summary: Change default TLS cipher suites
Key: TS-3136
URL: https://issues.apache.org/jira/browse/TS-3136
Project: Traffic Server
Issue Type: Improvement
Components: Security, SSL
Reporter: Leif Hedstrom
Assignee: Leif Hedstrom
Fix For: 5.2.0
In response to
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
we should consider changing the default in RecordsConfig.cc:
{code}
gmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index 0146cf9..2f78e31 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -1224,7 +1224,7 @@ RecordElement RecordsConfig[] = {
,
{RECT_CONFIG, "proxy.config.ssl.SSLv2", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
,
- {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
+ {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
,
{RECT_CONFIG, "proxy.config.ssl.TLSv1", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
,
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)