[jira] [Updated] (KUDU-2190) webserver HTTPS/TLS cipher list is insecure on RHEL 6

Dan Burkert (JIRA) Mon, 16 Oct 2017 18:40:36 -0700

     [ 
https://issues.apache.org/jira/browse/KUDU-2190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Dan Burkert updated KUDU-2190:
------------------------------
       Resolution: Fixed
         Assignee: Dan Burkert
    Fix Version/s: 1.6.0
           Status: Resolved  (was: In Review)

> webserver HTTPS/TLS cipher list is insecure on RHEL 6
> -----------------------------------------------------
>
>                 Key: KUDU-2190
>                 URL: https://issues.apache.org/jira/browse/KUDU-2190
>             Project: Kudu
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 1.5.0
>            Reporter: Dan Burkert
>            Assignee: Dan Burkert
>            Priority: Blocker
>              Labels: security
>             Fix For: 1.6.0
>
>
> We aren't overriding the default cipher list for the webserver, so it's 
> defaulting to the OpenSSL default cipher suite for the platform.  On RHEL 6, 
> this suite contains 3DES, RC4 and other undesirables.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (KUDU-2190) webserver HTTPS/TLS cipher list is insecure on RHEL 6

Reply via email to