[jira] [Closed] (TS-4247) Should no longer allow SSLv2 configuration

Phil Sorber (JIRA) Sun, 17 Apr 2016 22:05:54 -0700

     [ 
https://issues.apache.org/jira/browse/TS-4247?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Phil Sorber closed TS-4247.
---------------------------
       Resolution: Resolved
    Fix Version/s:     (was: 7.0.0)

> Should no longer allow SSLv2 configuration
> ------------------------------------------
>
>                 Key: TS-4247
>                 URL: https://issues.apache.org/jira/browse/TS-4247
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Security, SSL
>            Reporter: Dave Thompson
>            Assignee: Dave Thompson
>            Priority: Blocker
>
> In light of today's DROWN TLS vulnerability (CVE-2016-0800 and CVE-2016-0703 
> ), we should no longer have an option to allow an admin to configure SSLv2 
> (whether intentional or not, or just out of ignorance).   The consequences 
> are far too severe.    This is also the only solution for CVE-2016-0800.
> Some details:
> https://drownattack.com/



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Closed] (TS-4247) Should no longer allow SSLv2 configuration

Reply via email to