OpenNMS / NMS-7026

Poodle exploit: exclude SSLv3 in example Jetty HTTPS configuration (thanks to David Gerdes, University of Illinois)

      Description

      To avoid any possibility of the POODLE vulnerability (http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html) we should disable SSLv3 in the commented example of an HTTPS connector in the jetty.xml file included in etc/examples.

      Note that no HTTPS connector is enabled by default, so the user needs to take action to enable one in the first place as well as to update the jetty.xml file on servers where one has already been manually enabled.
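For servers where an HTTPS connector has already been enabled by hand, a check along these lines reports whether each active SSL context excludes SSLv3. This is an added example, not code from OpenNMS or from the ticket; it assumes the connector is configured through Jetty's `SslContextFactory` and its `excludeProtocols` setter, and the XML samples, class names and keystore path in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample connector (assumed Jetty class names, placeholder keystore path).
CONNECTOR = """<Call name="addConnector"><Arg>
  <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector"><Arg>
    <New class="org.eclipse.jetty.util.ssl.SslContextFactory">
      <Set name="keyStore">/path/to/keystore</Set>{exclude}
    </New>
  </Arg><Set name="port">8443</Set></New>
</Arg></Call>"""
EXCLUDE = """
      <Set name="excludeProtocols">
        <Array type="java.lang.String"><Item>SSLv3</Item></Array>
      </Set>"""
WRAP = '<Configure id="Server" class="org.eclipse.jetty.server.Server">{}</Configure>'

WEAK = WRAP.format(CONNECTOR.format(exclude=""))            # enabled, SSLv3 allowed
HARDENED = WRAP.format(CONNECTOR.format(exclude=EXCLUDE))   # enabled, SSLv3 excluded
COMMENTED = WRAP.format("<!-- " + CONNECTOR.format(exclude="") + " -->")  # still disabled


def audit(xml_text):
    """Return (factory_class, excludes_sslv3) for every active SslContextFactory.

    Connectors inside XML comments are dropped by the parser, so a jetty.xml
    whose HTTPS example is still commented out yields an empty list.
    Only the <Set name="excludeProtocols"> form is recognised.
    """
    findings = []
    for new in ET.fromstring(xml_text).iter("New"):
        cls = new.get("class", "")
        if not cls.endswith("SslContextFactory"):
            continue
        excluded = set()
        for setter in new.findall("Set"):
            # Jetty XML accepts excludeProtocols or ExcludeProtocols as the setter name.
            if setter.get("name", "").lower() == "excludeprotocols":
                excluded |= {i.text.strip() for i in setter.iter("Item") if i.text}
        findings.append((cls, "SSLv3" in excluded))
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("hardened", HARDENED), ("commented", COMMENTED)):
        results = audit(doc)
        status = "no active HTTPS connector" if not results else (
            "OK" if all(ok for _, ok in results) else "SSLv3 NOT excluded")
        print(f"{label}: {status}")
```
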

            People

            • Assignee: Jeff Gehlbach (jeffg)
            • Reporter: Jeff Gehlbach (jeffg)