#17164: Disable SSLv3 by default
-----------------------------+----------------------------
Reporter: jmantysalo | Owner:
Type: PLEASE CHANGE | Status: new
Priority: critical | Milestone: sage-6.4
Component: notebook | Keywords:
Merged in: | Authors:
Reviewers: | Report Upstream: N/A
Work issues: | Branch:
Commit: | Dependencies:
Stopgaps: |
-----------------------------+----------------------------
There is a bug in SSLv3, see for example
https://securityblog.redhat.com/2014/10/15/poodle-a-ssl3-vulnerability-
cve-2014-3566/
If I am correct, quick way to disable this is edit
`SAGE_ROOT/local/lib/python/ssl.py` and add `:!SSLv3` to end of
`_DEFAULT_CIPHERS`. This should be made default.
--
Ticket URL: <http://trac.sagemath.org/ticket/17164>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
--
You received this message because you are subscribed to the Google Groups
"sage-trac" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/sage-trac.
For more options, visit https://groups.google.com/d/optout.
