[jira] [Created] (TS-4247) Should no longer allow SSLv2 configuration

Dave Thompson (JIRA) Tue, 01 Mar 2016 14:39:32 -0800

Dave Thompson created TS-4247:
---------------------------------

             Summary: Should no longer allow SSLv2 configuration
                 Key: TS-4247
                 URL: https://issues.apache.org/jira/browse/TS-4247
             Project: Traffic Server
          Issue Type: Bug
          Components: Security, SSL
            Reporter: Dave Thompson
            Assignee: Leif Hedstrom



In light of today's DROWN TLS vulnerability (CVE-2016-0800 and CVE-2016-0703 ), 
we should no longer have an option to allow an admin to configure SSLv2 
(whether intentional or not, or just out of ignorance).   The consequences are 
far too severe.    This is also the only solution for CVE-2016-0800.

Some details:
https://drownattack.com/





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (TS-4247) Should no longer allow SSLv2 configuration

Reply via email to