[jira] [Reopened] (OFBIZ-10085) Prevent the possible return of the Robot attack

Jacques Le Roux (JIRA) Sun, 17 Dec 2017 05:40:27 -0800

     [ 
https://issues.apache.org/jira/browse/OFBIZ-10085?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jacques Le Roux reopened OFBIZ-10085:
-------------------------------------

> Prevent the possible return of the Robot attack
> -----------------------------------------------
>
>                 Key: OFBIZ-10085
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10085
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>             Fix For: 16.11.04
>
>
> After reading https://robotattack.org/ and testing 
> https://robotattack.org/check/?h=demo-trunk.ofbiz.apache.org which returned 
> (same for stable and old)
> bq. This host is not vulnerable. However it still allows connections with the 
> problematic RSA encryption ciphers.
> I concluded that we should remove RSA encryption ciphers from our Tomcat 
> config. I'll use https://tomcat.apache.org/tomcat-8.5-doc/config/http.html as 
> a reference to fix this possible issue.
> If you are more interested in this please read 
> https://mailarchive.ietf.org/arch/msg/tls/t6SKfh49fb4kRET2krZ6UoaEefs



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Reopened] (OFBIZ-10085) Prevent the possible return of the Robot attack

Reply via email to