[jira] [Created] (TS-3135) Disable SSLv3 by default

Leif Hedstrom (JIRA) Tue, 14 Oct 2014 16:16:11 -0700

Leif Hedstrom created TS-3135:
---------------------------------

             Summary: Disable SSLv3 by default
                 Key: TS-3135
                 URL: https://issues.apache.org/jira/browse/TS-3135
             Project: Traffic Server
          Issue Type: Bug
          Components: Security, SSL
            Reporter: Leif Hedstrom
            Assignee: Leif Hedstrom



In response to

http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html


we should consider changing the default in RecordsConfig.cc:

{code}
gmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index 0146cf9..2f78e31 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -1224,7 +1224,7 @@ RecordElement RecordsConfig[] = {
   ,
   {RECT_CONFIG, "proxy.config.ssl.SSLv2", RECD_INT, "0", RECU_RESTART_TS, 
RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
   ,
-  {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "1", RECU_RESTART_TS, 
RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
+  {RECT_CONFIG, "proxy.config.ssl.SSLv3", RECD_INT, "0", RECU_RESTART_TS, 
RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
   ,
   {RECT_CONFIG, "proxy.config.ssl.TLSv1", RECD_INT, "1", RECU_RESTART_TS, 
RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
   ,
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (TS-3135) Disable SSLv3 by default

Reply via email to