[
https://issues.apache.org/jira/browse/DERBY-6764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14175265#comment-14175265
]
Mamta A. Satoor commented on DERBY-6764:
----------------------------------------
It looks like all SSL related code in Network Server client is very localized.
For client side it is in org.apache.derby.client.net.NaiveTrustManager and
org.apache.derby.jdbc.BasicClientDataSource40
For server side, it is in org.apache.derby.impl.drda.NaiveTrustManager and
org.apache.derby.impl.drda.NetworkServerControlImpl and
org.apache.derby.mbeans.drda.NetworkServerMBean
> analyze impact of poodle security alert on Derby client - server ssl support
> ----------------------------------------------------------------------------
>
> Key: DERBY-6764
> URL: https://issues.apache.org/jira/browse/DERBY-6764
> Project: Derby
> Issue Type: Task
> Reporter: Myrna van Lunteren
>
> Recently, a security weakness was found in SSLv3, POODLE: SSLv3 vulnerability
> (CVE-2014-3566)
> Derby supports ssl between the client and network server.
> We should investigate this and decide if we need to change our product, e.g.
> to eliminate support for SSL in favor of its successor TLS.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
