Uploaded image for project: 'Karaf'
  1. Karaf
  2. KARAF-4457

OOB pax-web version does not allow black-listing protocols

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Not A Problem
    • 3.0.6
    • None
    • karaf
    • None

    Description

      Pax web prior to version 3.2.7 doesn't include functionality to blacklist certain SSL/TLS protocols. Pax-web 3.2.7 includes the capability to set excluded protocols through setting the "org.ops4j.pax.web.ssl.protocols.excluded" in "org.ops4j.pax.web.cfg". This is particularly useful to disable weak/vulnerable protocols such as SSLv3 and TLS1.

      Attachments

        Issue Links

          is related to

          Dependency upgrade - Upgrading a dependency to a newer version KARAF-4458 Upgrade to Pax Web 3.2.7

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #171

          Web Link PR

          Activity

            People

              jbonofre Jean-Baptiste Onofré
              rgoulding Ryan Goulding
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: