Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-6764

analyze impact of poodle security alert on Derby client - server ssl support

    XMLWordPrintableJSON

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.8.3.0, 10.9.1.0, 10.10.2.0, 10.11.1.1, 10.12.1.1
    • Component/s: None
    • Labels:
      None
    • Urgency:
      Urgent
    • Bug behavior facts:
      Security

      Description

      Recently, a security weakness was found in SSLv3, POODLE: SSLv3 vulnerability (CVE-2014-3566)
      Derby supports ssl between the client and network server.

      We should investigate this and decide if we need to change our product, e.g. to eliminate support for SSL in favor of its successor TLS.

        Attachments

        1. DERBY6764_patch1_diff.txt
          10 kB
          Mamta A. Satoor
        2. DERBY6764_patch1_stat.txt
          0.3 kB
          Mamta A. Satoor
        3. DERBY6764_backport10_11_patch1_diff.txt
          10 kB
          Mamta A. Satoor
        4. DERBY6764_10_8_backport_patch1_diff.txt
          9 kB
          Mamta A. Satoor

          Issue Links

            Activity

              People

              • Assignee:
                mamtas Mamta A. Satoor
                Reporter:
                myrna Myrna van Lunteren
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: