57117 – Increase the default cipher for HTTPS Test Script Recorder from SSLv3 to TLS

Bug 57117 - Increase the default cipher for HTTPS Test Script Recorder from SSLv3 to TLS

Summary: Increase the default cipher for HTTPS Test Script Recorder from SSLv3 to TLS

Status:	RESOLVED FIXED

Alias:	None

Product:	JMeter - Now in Github
Classification:	Unclassified
Component:	HTTP (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	JMeter issues mailing list

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-10-19 15:30 UTC by Milamber
Modified:	2014-10-19 15:43 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Milamber 2014-10-19 15:30:55 UTC

The default cipher for the HTTPS Test Script Recorder (JMeter's proxy) is SSLv3. With the recent security issue (CVE-2014-3566) with this cipher, is better to upgrade to TLS (like the current default cipher for HTTP sampler).

Reference:
POODLE: SSLv3 vulnerability (CVE-2014-3566)
https://access.redhat.com/articles/1232123

Comment 1 Milamber 2014-10-19 15:43:44 UTC


URL: http://svn.apache.org/r1632947
Log:
Increase the default cipher for HTTPS Test Script Recorder from SSLv3 to TLS
Edit the proxy.ssl.protocol property in jmeter.properties to return to SSLv3
Bugzilla Id: 57117

Modified:
    jmeter/trunk/bin/jmeter.properties
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java
    jmeter/trunk/xdocs/changes.xml

Comment 2 The ASF infrastructure team 2022-09-24 20:37:58 UTC

This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/3461