HI Nair,
it appears we are, as JX uses the native java SSL support, and allows
downgrading from TLS.
There seem to be two fixes:
a: (best) disable SSLv3 support on the ldap server (you should probably
do this anyway)
b: in JXplorer, change the config value "option.ssl.protocol" from
"any" to "TLSv1" (I haven't tested this however).
- Chris
-----
*Dr Christopher Betts*
Australian Cloud Identity
http://cloudidentity.com.au
m: 0408 533 456
On 22 October 2014 01:41, Nair, Sandeep S <sandeep.s.n...@citi.com> wrote:
>
>
> Hi,
>
> Is Jxplorer vulnerable to the poodle SSLv3 vulnerability (CVE-2014-3566)?
>
> Thanks
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Comprehensive Server Monitoring with Site24x7.
> Monitor 10 servers for $9/Month.
> Get alerted through email, SMS, voice calls or mobile push notifications.
> Take corrective actions from your mobile device.
> http://p.sf.net/sfu/Zoho
> _______________________________________________
> Jxplorer-users mailing list
> Jxplorer-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/jxplorer-users
>
>
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
Jxplorer-users mailing list
Jxplorer-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jxplorer-users
