[
https://issues.apache.org/jira/browse/DIRSERVER-2020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14215342#comment-14215342
]
RakeshAcharya commented on DIRSERVER-2020:
------------------------------------------
After examining the code, below is what we found.
In the code you use:
• Java class =
org.apache.directory.server.ldap.handlers.ssl.LdapsInitializer
• Java code =
o sslCtx = SSLContext.getInstance( "TLS" );
From previous testing with Tomcat, this value “TLS” means that both SSLv3 and
TLSv1.0/1.1/1.2 are supported by the server.
Can we filter out SSLv3 and force it to not be used at all, as it is
unsecured?
Also, I disabled SSLv3 from the Java control panel which is being used by
ApacheDS and that didn't help either.
> Poodle remediation for ApacheDS 2.X
> -----------------------------------
>
> Key: DIRSERVER-2020
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2020
> Project: Directory ApacheDS
> Issue Type: Task
> Components: ldap
> Affects Versions: 2.0.0-M10
> Environment: Production
> Reporter: RakeshAcharya
> Priority: Critical
> Labels: patch
>
> How do we disable the SSLv3 protocol for ApacheDS 2.X?
> As part of POODLE remediation we need to disable SSL v3 ASAP in production
> boxes as the scan showed it's vulnerable.
> I can't find any configuration pertaining to the same which I could change.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
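
The filtering asked about in the comment above can be done with plain JSSE on each engine created from the context, because `SSLContext.getInstance( "TLS" )` only selects the context implementation and the protocol list is set per `SSLEngine`. This is an added example, not ApacheDS code and not the project's fix for this issue; the class `NoSslv3Demo` and the helper `hardenProtocols` are hypothetical names.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;

public class NoSslv3Demo {

    // Protocol name exactly as JSSE reports it in getEnabledProtocols().
    private static final Set<String> BLOCKED = Collections.singleton("SSLv3");

    /** Hypothetical helper: keep the engine's enabled protocols minus BLOCKED. */
    static String[] hardenProtocols(SSLEngine engine) {
        List<String> kept = new ArrayList<>();
        for (String protocol : engine.getEnabledProtocols()) {
            if (!BLOCKED.contains(protocol)) {
                kept.add(protocol);
            }
        }
        if (kept.isEmpty()) {
            // Fail closed instead of silently leaving the defaults in place.
            throw new IllegalStateException("no protocol left after removing " + BLOCKED);
        }
        String[] result = kept.toArray(new String[0]);
        engine.setEnabledProtocols(result);
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Same call as quoted from LdapsInitializer in the comment.
        SSLContext sslCtx = SSLContext.getInstance("TLS");
        // Default key and trust managers; enough to inspect protocol lists.
        sslCtx.init(null, null, null);

        SSLEngine engine = sslCtx.createSSLEngine();
        engine.setUseClientMode(false); // server side, as for an LDAPS listener

        System.out.println("supported:      " + Arrays.toString(engine.getSupportedProtocols()));
        System.out.println("enabled before: " + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("enabled after:  " + Arrays.toString(hardenProtocols(engine)));
    }
}
```

The printed lists depend on the JRE in use, so running this on the server's own Java shows whether SSLv3 is enabled there before and after filtering.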