Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-7026

Poodle exploit: exclude SSLv3 in example Jetty HTTPS configuration (thanks to David Gerdes, University of Illinois)

    XMLWordPrintable

Details

    Description

      To avoid any possibility of the [http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html|POODLE vulnerability] we should disable SSLv3 in the commented example of an HTTPS connector in the jetty.xml file included in etc/examples.

      Note that no HTTPS connector is enabled by default, so the user needs to take action to enable one in the first place as well as to update the jetty.xml file on servers where one has already been manually enabled.

      Attachments

        Activity

          People

            jeffg Jeff Gehlbach
            jeffg Jeff Gehlbach
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: