Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.5.0, 1.5.1, 1.5.2, 1.6.0, 1.6.1
    • Fix Version/s: 1.5.3, 1.6.2, 1.7.0
    • Component/s: monitor
    • Labels:
      None

      Description

      Any Jetty use should disallow SSLv3, e.g. the Monitor.

      Notes from thread:

      Jetty:
      http://stackoverflow.com/questions/26382540/how-to-disable-the-sslv3-protocol-in-jetty-to-prevent-poodle-attack

      Testing the monitor for SSLv3 downgrade, given host monitor.example.com on port 12345

      curl -vvv --sslv3 https://monitor.example.com:12345/

        Attachments

          Activity

            People

            • Assignee:
              elserj Josh Elser
              Reporter:
              busbey Sean Busbey
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 0.5h
                0.5h