[
https://issues.apache.org/jira/browse/DIRSERVER-2020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14218025#comment-14218025
]
Emmanuel Lecharny commented on DIRSERVER-2020:
----------------------------------------------
Actually, I would suggest you use a version that will manage the pb though
configuration. The next version will mitigate the SSL issue with a (kind of)
ugly patch, where we hard wired the list of protocols we support (and it
excludes SSLv3).
In the very next version, we will move this list in the configuration, so that
if, say, TLS v1.1 gets proven to be broken, then one can remove it from the
list of protocols.
> Poodle remediation for ApacheDS 2.X
> -----------------------------------
>
> Key: DIRSERVER-2020
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2020
> Project: Directory ApacheDS
> Issue Type: Task
> Components: ldap
> Affects Versions: 2.0.0-M10
> Environment: Production
> Reporter: RakeshAcharya
> Priority: Critical
> Labels: patch
>
> How do we disable SSlv3 protocol for apache DS 2.X ?
> As part of poodle remediation we need to disable SSL v3 ASAP in production
> boxes as the scan showed its vulnerable.
> I cant find any configuration pertaining to the same which I could change .
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
