I wasn't worried so much about the web serving since we front ours with a web server that proxies to HTTP, but anything internal to jenkins itself that I might not be thinking of.
Thanks, this confirms my thoughts. On Thu, Jun 5, 2014 at 5:46 AM, Stephen Connolly < [email protected]> wrote: > most people do not have Jenkins do the TLS transport directly but instead > front Jenkins with an SSL engine if they need SSL... thus more correctly > you should ask: > > * have I configured by Jenkins instance to serve HTTPS > * did I use Jenkins's native container and its native TLS support or did I > use Nginx/Apache HTTPD/HAProxy/etc > > Once you have determined who is doing the TLS then you can ask whether the > issue is present in that software... > > IOW it is one of: > > * The JVM > * Nginix > * Apache HTTPD > * HAProxy > * etc > > Jenkins itself does not have a "private" ssl implementation > > > On 5 June 2014 13:40, Dave Dash <[email protected]> wrote: > >> Does anybody know if Jenkins is susceptible to this: >> >> http://www.openssl.org/news/secadv_20140605.txt >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Jenkins Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/jenkinsci-users/merirUlMozc/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
