Uploaded image for project: 'Accumulo'
  1. Accumulo
  2. ACCUMULO-3316 Update TLS usage to mitigate POODLE
  3. ACCUMULO-3318

Alter Thrift RPC components to disallow SSLv3

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • 1.6.0
    • 1.6.2, 1.7.0
    • proxy, rpc
    • None

    Description

      All components that rely on Thrift's secure transport need be updated to disallow SSLv3.

      Thrift:
      http://stackoverflow.com/questions/26387099/securing-a-thrift-server-aginst-the-poodle-ssl-vulnerability

      The easy way to check this is simply to stand up a tserver and try
      connecting over SSLv3:

      openssl s_client -connect localhost:12345 -ssl3

      Attachments

        Activity

          People

            elserj Josh Elser
            busbey Sean Busbey
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 40m
                40m