-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26773/#review56801
-----------------------------------------------------------

Ship it!

Ship It!

- Rafael Schloming


On Oct. 15, 2014, 8:22 p.m., Kenneth Giusti wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/26773/
> -----------------------------------------------------------
>
> (Updated Oct. 15, 2014, 8:22 p.m.)
>
>
> Review request for qpid and Rafael Schloming.
>
>
> Bugs: PROTON-716
>     https://issues.apache.org/jira/browse/PROTON-716
>
>
> Repository: qpid
>
>
> Description
> -------
>
> Server-mode SSL connections allow clients using SSL version v3+. v3 is not
> secure, and should be rejected.
>
>
> Diffs
> -----
>
>   proton/trunk/proton-c/src/ssl/openssl.c 1632098
>
> Diff: https://reviews.apache.org/r/26773/diff/
>
>
> Testing
> -------
>
> Verified SSL traffic via wireshark. Tested clients attempting to connect
> with SSLv3 - the SSL negotiation fails with "bad version" error.
>
>
> Thanks,
>
> Kenneth Giusti
>
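As an added example (not code from the Proton patch or from anyone in this thread), the following C function shows the version decision a server that rejects SSLv3 has to make on a ClientHello, which is also what to look for when reading such a handshake in a packet capture. The function name, the enum and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum hello_verdict { HELLO_ACCEPT, HELLO_REJECT_SSLV3, HELLO_REJECT_SSLV2, HELLO_MALFORMED };

/* Constructed samples: the first 11 bytes of two ClientHello records. */
static const uint8_t sslv3_hello[] = {0x16,0x03,0x00,0x00,0x2f, 0x01,0x00,0x00,0x2b, 0x03,0x00};
static const uint8_t tls12_hello[] = {0x16,0x03,0x01,0x00,0x2f, 0x01,0x00,0x00,0x2b, 0x03,0x03};

/* Classify a ClientHello by the highest protocol version the client offers.
 * The record-layer version (bytes 1-2) is only a compatibility hint; the
 * offer that matters is client_version inside the handshake body. */
enum hello_verdict classify_client_hello(const uint8_t *p, size_t n)
{
    if (n >= 5 && (p[0] & 0x80) && p[2] == 0x01) {
        /* SSLv2-format hello: 2-byte length, msg type 1, offered version. */
        uint16_t v = (uint16_t)(p[3] << 8 | p[4]);
        if (v <= 0x0002) return HELLO_REJECT_SSLV2;
        return v == 0x0300 ? HELLO_REJECT_SSLV3 : HELLO_ACCEPT;
    }
    /* TLS record: type 22 (handshake), version(2), length(2); then the
     * handshake header: type 1 (ClientHello), length(3), client_version(2). */
    if (n < 11 || p[0] != 0x16 || p[1] != 0x03 || p[5] != 0x01)
        return HELLO_MALFORMED;
    uint16_t client_version = (uint16_t)(p[9] << 8 | p[10]);
    if (client_version < 0x0300) return HELLO_MALFORMED;
    /* 0x0300 is SSLv3; 0x0301 and above are TLS 1.0 and later. */
    return client_version == 0x0300 ? HELLO_REJECT_SSLV3 : HELLO_ACCEPT;
}

static const char *verdict_name(enum hello_verdict v)
{
    static const char *names[] = {"accept", "reject (SSLv3)", "reject (SSLv2)", "malformed"};
    return names[v];
}

int main(void)
{
    printf("SSLv3-only client: %s\n",
           verdict_name(classify_client_hello(sslv3_hello, sizeof sslv3_hello)));
    printf("TLS 1.2 client:    %s\n",
           verdict_name(classify_client_hello(tls12_hello, sizeof tls12_hello)));
    return 0;
}
```

The TLS 1.2 sample carries 0x0301 at the record layer and 0x0303 in client_version, which is why the check reads the handshake body rather than the record header.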
