Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-6764

analyze impact of poodle security alert on Derby client - server ssl support

    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 10.8.3.0, 10.9.1.0, 10.10.2.0, 10.11.1.1, 10.12.1.1
    • None
    • None
    • Urgent
    • Security

    Description

      Recently, a security weakness was found in SSLv3, POODLE: SSLv3 vulnerability (CVE-2014-3566)
      Derby supports ssl between the client and network server.

      We should investigate this and decide if we need to change our product, e.g. to eliminate support for SSL in favor of its successor TLS.

      Attachments

        1. DERBY6764_10_8_backport_patch1_diff.txt
          9 kB
          Mamta A. Satoor
        2. DERBY6764_backport10_11_patch1_diff.txt
          10 kB
          Mamta A. Satoor
        3. DERBY6764_patch1_diff.txt
          10 kB
          Mamta A. Satoor
        4. DERBY6764_patch1_stat.txt
          0.3 kB
          Mamta A. Satoor

        Issue Links

          Activity

            People

              mamtas Mamta A. Satoor
              myrna Myrna van Lunteren
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: