Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-7026

Poodle exploit: exclude SSLv3 in example Jetty HTTPS configuration (thanks to David Gerdes, University of Illinois)

    XMLWordPrintable

    Details

      Description

      To avoid any possibility of the [http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html|POODLE vulnerability] we should disable SSLv3 in the commented example of an HTTPS connector in the jetty.xml file included in etc/examples.

      Note that no HTTPS connector is enabled by default, so the user needs to take action to enable one in the first place as well as to update the jetty.xml file on servers where one has already been manually enabled.

        Attachments

          Activity

            People

            Assignee:
            jeffg Jeff Gehlbach
            Reporter:
            jeffg Jeff Gehlbach
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: