Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-4247

Should no longer allow SSLv2 configuration

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Blocker
    • Resolution: Resolved
    • None
    • None
    • Security, SSL
    • None

    Description

      In light of today's DROWN TLS vulnerability (CVE-2016-0800 and CVE-2016-0703 ), we should no longer have an option to allow an admin to configure SSLv2 (whether intentional or not, or just out of ignorance). The consequences are far too severe. This is also the only solution for CVE-2016-0800.

      Some details:
      https://drownattack.com/

      Attachments

        Issue Links

          is superceded by

          Improvement - An improvement or enhancement to an existing feature or task. TS-4357 Remove SSLv2/3 capability

          • Major - Major loss of function.
          • Closed

          Activity

            People

              davet Dave Thompson
              davet Dave Thompson
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: