NEUZhangy opened a new issue #127:
URL: https://github.com/apache/openmeetings/issues/127
**Location**:
in file
openmeetings-web/src/main/java/org/apache/openmeetings/web/app/UserManager.java
line 286, the SSL protocol is used in statement: SSLContext sc =
SSLContext.getInstance("SSL");
**Impact:**
An SSL DDoS attack targets the SSL handshake protocol either by sending
worthless data to the SSL server which will result in connection issues for
legitimate users or by abusing the SSL handshake protocol itself.
**Suggestions:**
Upgrade the implementation to the “TLS”, and configure https.protocols JVM
option to include TLSv1.2:
Useful links:
https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https
https://www.appmarq.com/public/tqi,1039002,CWE-319-Avoid-using-Deprecated-SSL-protocols-to-secure-connection
**Please share with us your opinions/comments if there is any:**
Is the bug report helpful?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
