#17164: Disable SSLv3 by default
------------------------------+------------------------
Reporter: jmantysalo | Owner:
Type: defect | Status: new
Priority: critical | Milestone: sage-6.4
Component: notebook | Resolution:
Keywords: | Merged in:
Authors: | Reviewers:
Report Upstream: N/A | Work issues:
Branch: | Commit:
Dependencies: | Stopgaps:
------------------------------+------------------------
Description changed by vbraun:
Old description:
> There is a bug in SSLv3, see for example
> https://securityblog.redhat.com/2014/10/15/poodle-a-ssl3-vulnerability-
> cve-2014-3566/
>
> If I am correct, quick way to disable this is edit
> `SAGE_ROOT/local/lib/python/ssl.py` and add `:!SSLv3` to end of
> `_DEFAULT_CIPHERS`. This should be made default.
New description:
There is a bug in SSLv3, see for example
https://securityblog.redhat.com/2014/10/15/poodle-a-ssl3-vulnerability-
cve-2014-3566/
Upstream bug: http://bugs.python.org/issue22638
--
--
Ticket URL: <http://trac.sagemath.org/ticket/17164#comment:2>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
--
You received this message because you are subscribed to the Google Groups
"sage-trac" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/sage-trac.
For more options, visit https://groups.google.com/d/optout.
