Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-6764

analyze impact of poodle security alert on Derby client - server ssl support

    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 10.8.3.0, 10.9.1.0, 10.10.2.0, 10.11.1.1, 10.12.1.1
    • 10.8.3.3, 10.9.2.2, 10.10.2.1, 10.11.1.3, 10.12.1.1
    • None
    • None
    • Urgent
    • Security

    Description

      Recently, a security weakness was found in SSLv3, POODLE: SSLv3 vulnerability (CVE-2014-3566)
      Derby supports ssl between the client and network server.

      We should investigate this and decide if we need to change our product, e.g. to eliminate support for SSL in favor of its successor TLS.

      Attachments

        1. DERBY6764_patch1_diff.txt
          10 kB
          Mamta A. Satoor
        2. DERBY6764_patch1_stat.txt
          0.3 kB
          Mamta A. Satoor
        3. DERBY6764_backport10_11_patch1_diff.txt
          10 kB
          Mamta A. Satoor
        4. DERBY6764_10_8_backport_patch1_diff.txt
          9 kB
          Mamta A. Satoor

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. DERBY-6778 SSL tests are failing on 10.8 codeline with IBM jdk 1.4.2 after poodle security backport

          • Major - Major loss of function.
          • Closed

          Activity

            People

              mamtas Mamta A. Satoor
              myrna Myrna van Lunteren
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: