[jira] [Commented] (CASSANDRA-8265) Disable SSLv3 for POODLE

Jeremiah Jordan (JIRA) Tue, 11 Nov 2014 17:33:53 -0800

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-8265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14207491#comment-14207491
 ]


Jeremiah Jordan commented on CASSANDRA-8265:
--------------------------------------------

After trying it and reading the tech note again:

{noformat}
            ctx = SSLContext.getInstance(options.protocol);
{noformat}

Doesn't work until JDK8. We need to do:

{noformat}
sslSocket.setEnabledProtocols(new String[] {"SSLv2Hello", "TLSv1", "TLSv1.1", 
"TLSv1.2"});
sslEngine.setEnabledProtocols(new String[] {"SSLv2Hello", "TLSv1", "TLSv1.1", 
"TLSv1.2"});
{noformat}

> Disable SSLv3 for POODLE
> ------------------------
>
>                 Key: CASSANDRA-8265
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8265
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Jeremiah Jordan
>
> We should probably disable SSLv3.
> http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (CASSANDRA-8265) Disable SSLv3 for POODLE

Reply via email to