[jira] [Commented] (TS-4247) Should no longer allow SSLv2 configuration

Leif Hedstrom (JIRA) Tue, 01 Mar 2016 17:11:44 -0800

    [ 
https://issues.apache.org/jira/browse/TS-4247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15174757#comment-15174757
 ]


Leif Hedstrom commented on TS-4247:
-----------------------------------

Make it so #1 (for 7.0.0).

> Should no longer allow SSLv2 configuration
> ------------------------------------------
>
>                 Key: TS-4247
>                 URL: https://issues.apache.org/jira/browse/TS-4247
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Security, SSL
>            Reporter: Dave Thompson
>            Assignee: Dave Thompson
>             Fix For: 7.0.0
>
>
> In light of today's DROWN TLS vulnerability (CVE-2016-0800 and CVE-2016-0703 
> ), we should no longer have an option to allow an admin to configure SSLv2 
> (whether intentional or not, or just out of ignorance).   The consequences 
> are far too severe.    This is also the only solution for CVE-2016-0800.
> Some details:
> https://drownattack.com/



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (TS-4247) Should no longer allow SSLv2 configuration

Reply via email to