[jira] [Updated] (KUDU-2190) webserver HTTPS/TLS cipher list is insecure on RHEL 6
[ https://issues.apache.org/jira/browse/KUDU-2190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Burkert updated KUDU-2190: -- Resolution: Fixed Assignee: Dan Burkert Fix Version/s: 1.6.0 Status: Resolved (was: In Review) > webserver HTTPS/TLS cipher list is insecure on RHEL 6 > - > > Key: KUDU-2190 > URL: https://issues.apache.org/jira/browse/KUDU-2190 > Project: Kudu > Issue Type: Bug > Components: server >Affects Versions: 1.5.0 >Reporter: Dan Burkert >Assignee: Dan Burkert >Priority: Blocker > Labels: security > Fix For: 1.6.0 > > > We aren't overriding the default cipher list for the webserver, so it's > defaulting to the OpenSSL default cipher suite for the platform. On RHEL 6, > this suite contains 3DES, RC4 and other undesirables. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (KUDU-2190) webserver HTTPS/TLS cipher list is insecure on RHEL 6
[ https://issues.apache.org/jira/browse/KUDU-2190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dan Burkert updated KUDU-2190: -- Status: In Review (was: Open) > webserver HTTPS/TLS cipher list is insecure on RHEL 6 > - > > Key: KUDU-2190 > URL: https://issues.apache.org/jira/browse/KUDU-2190 > Project: Kudu > Issue Type: Bug > Components: server >Affects Versions: 1.5.0 >Reporter: Dan Burkert >Priority: Blocker > Labels: security > > We aren't overriding the default cipher list for the webserver, so it's > defaulting to the OpenSSL default cipher suite for the platform. On RHEL 6, > this suite contains 3DES, RC4 and other undesirables. -- This message was sent by Atlassian JIRA (v6.4.14#64029)