Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-6764

analyze impact of poodle security alert on Derby client - server ssl support

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 10.8.3.0, 10.9.1.0, 10.10.2.0, 10.11.1.1, 10.12.1.1
    • None
    • None
    • Urgent
    • Security

    Description

      Recently, a security weakness was found in SSLv3, POODLE: SSLv3 vulnerability (CVE-2014-3566)
      Derby supports ssl between the client and network server.

      We should investigate this and decide if we need to change our product, e.g. to eliminate support for SSL in favor of its successor TLS.

      Attachments

        1. DERBY6764_10_8_backport_patch1_diff.txt
          9 kB
          Mamta A. Satoor
        2. DERBY6764_backport10_11_patch1_diff.txt
          10 kB
          Mamta A. Satoor
        3. DERBY6764_patch1_diff.txt
          10 kB
          Mamta A. Satoor
        4. DERBY6764_patch1_stat.txt
          0.3 kB
          Mamta A. Satoor

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            mamtas Mamta A. Satoor
            myrna Myrna van Lunteren
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment