Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Minor
    • Resolution: Incomplete
    • Affects Version/s: Trunk
    • Fix Version/s: 16.11.04
    • Component/s: framework
    • Labels:
      None
    • Sprint:
      Bug Crush Event - 21/2/2015

      Description

      After reading https://robotattack.org/ and testing https://robotattack.org/check/?h=demo-trunk.ofbiz.apache.org which returned (same for stable and old)

      This host is not vulnerable. However it still allows connections with the problematic RSA encryption ciphers.

      I concluded that we should remove RSA encryption ciphers from our Tomcat config. I'll use https://tomcat.apache.org/tomcat-8.5-doc/config/http.html as a reference to fix this possible issue.

      If you are more interested in this please read https://mailarchive.ietf.org/arch/msg/tls/t6SKfh49fb4kRET2krZ6UoaEefs

        Attachments

          Activity

            People

            • Assignee:
              jacques.le.roux Jacques Le Roux
              Reporter:
              jacques.le.roux Jacques Le Roux
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: