You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2014/10/15 19:31:34 UTC

[jira] [Created] (TS-3136) Change default TLS cipher suites

Leif Hedstrom created TS-3136:
---------------------------------

             Summary: Change default TLS cipher suites
                 Key: TS-3136
                 URL: https://issues.apache.org/jira/browse/TS-3136
             Project: Traffic Server
          Issue Type: Improvement
          Components: Security, SSL
            Reporter: Leif Hedstrom
            Assignee: Leif Hedstrom
             Fix For: 5.2.0


In response to

http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html


we should consider changing the default in RecordsConfig.cc:

{code}
gmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index 0146cf9..2f78e31 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -1224,7 +1224,7 @@ RecordElement RecordsConfig[] = {
   ,
   {RECT_CONFIG, "proxy.config.ssl.SSLv2", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
   ,
-  {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
+  {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
   ,
   {RECT_CONFIG, "proxy.config.ssl.TLSv1", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
   ,
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)