Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-3135

Disable SSLv3 by default

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.1.1, 5.2.0
    • Component/s: Security, SSL
    • Labels:
      None

      Description

      In response to

      http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html

      we should consider changing the default in RecordsConfig.cc:

      gmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
      index 0146cf9..2f78e31 100644
      --- a/mgmt/RecordsConfig.cc
      +++ b/mgmt/RecordsConfig.cc
      @@ -1224,7 +1224,7 @@ RecordElement RecordsConfig[] = {
         ,
         {RECT_CONFIG, "proxy.config.ssl.SSLv2", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
         ,
      -  {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
      +  {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
         ,
         {RECT_CONFIG, "proxy.config.ssl.TLSv1", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
         ,
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                zwoop Leif Hedstrom
                Reporter:
                zwoop Leif Hedstrom
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: