[OFBIZ-10085] Prevent the possible return of the Robot attack - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Minor
Resolution: Incomplete
Affects Version/s: Trunk
Fix Version/s: 16.11.04
Component/s: framework
Labels:
None

Sprint:
Bug Crush Event - 21/2/2015

Description

After reading https://robotattack.org/ and testing https://robotattack.org/check/?h=demo-trunk.ofbiz.apache.org which returned (same for stable and old)

This host is not vulnerable. However it still allows connections with the problematic RSA encryption ciphers.

I concluded that we should remove RSA encryption ciphers from our Tomcat config. I'll use https://tomcat.apache.org/tomcat-8.5-doc/config/http.html as a reference to fix this possible issue.

If you are more interested in this please read https://mailarchive.ietf.org/arch/msg/tls/t6SKfh49fb4kRET2krZ6UoaEefs

Attachments

Activity

People

Assignee:: Jacques Le Roux

Reporter:: Jacques Le Roux

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16/Dec/17 13:43

Updated:: 17/Dec/17 20:03

Resolved:: 17/Dec/17 13:43