[JIRA] [core] (JENKINS-25169) Winstone potentially vulnerable to POODLE (CVE-2014-3566)

[leo.le...@tier-3.com (JIRA)]

Leo Leung edited a comment on JENKINS-25169 Winstone potentially vulnerable to POODLE (CVE-2014-3566) Since Jenkins ver. 1.586, the method to trigger builds remotely using TOKEN authentication URLs with wget described in https://wiki.jenkins-ci.org/display/JENKINS/Authenticating+scripted+clients no longer work due to SSLv1 and SSLv2 is now disabled because of the POODLE vulnerability fix. The following error will appear: Resolving jenkins... 10.0.0.1 Connecting to jenkins|10.0.0.1|:443... connected. Unable to establish SSL connection. The command for wget 1.11.x needs to include the --secure-protocol=TLSv1 option. wget --auth-no-challenge --http-user=user --http-password=apiToken --secure-protocol=TLSv1 http://jenkins.yourcompany.com/job/your_job/build?token=TOKEN

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.