[CWD-4214] Disable SSLv3 in the commented out TLS tomcat configuration

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.8.4
Affects Version/s: None
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

We can document how users can enable SSLv3 but we should disable SSLv3 in the commented out tomcat TLS configuration, so as to prevent customers being vulnerable to POODLE.

is incorporated by

CWD-4240 Upgrade tomcat to a version >= 7.0.55

Closed

relates to

CONFSERVER-35386 SSLv3 Is Not Disabled When sslProtocol is Set to TLS, Vulnerable to POODLE

Closed

Monique Khairuliana (Inactive) made changes - 15/Aug/2019 7:04 AM

Workflow	Original: Simplified Crowd Development Workflow v2 - restricted [ 1509795 ]	New: JAC Bug Workflow v3 [ 3363960 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

vkharisma made changes - 01/Apr/2017 2:12 PM

Link

New: This issue relates to CONFCLOUD-35386 [ CONFCLOUD-35386 ]

Owen made changes - 07/Jul/2016 6:18 AM

Workflow

Original: Simplified Crowd Development Workflow v2 [ 1392200 ]

New: Simplified Crowd Development Workflow v2 - restricted [ 1509795 ]

Owen made changes - 12/May/2016 2:51 AM

Workflow

Original: Crowd Development Workflow v2 [ 792599 ]

New: Simplified Crowd Development Workflow v2 [ 1392200 ]

David Black made changes - 18/Apr/2016 11:43 PM

Link

New: This issue is incorporated by ~~CWD-4240~~ [ ~~CWD-4240~~ ]

David Black made changes - 18/Apr/2016 11:41 PM

Fix Version/s		New: 2.8.4 [ 54305 ]
Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

joe made changes - 28/Jan/2015 4:50 AM

Labels

Original: no-cvss-required ssl

New: bootcamp no-cvss-required ssl

David Black made changes - 19/Jan/2015 2:44 AM

Description

Original: We can document how users can re-enable SSLv3 but we should disable SSLv3 in the commented out tomcat TLS configuration, so as to prevent customers being vulnerable to POODLE.

New: We can document how users can enable SSLv3 but we should disable SSLv3 in the commented out tomcat TLS configuration, so as to prevent customers being vulnerable to POODLE.

David Black made changes - 19/Jan/2015 2:43 AM

Description

Original: We can document how users can re-enable SSLv3 but we should disable SSLv3 in the commented out tomcat TLS configuration so as to prevent customers being vulnerable to POODLE.

New: We can document how users can re-enable SSLv3 but we should disable SSLv3 in the commented out tomcat TLS configuration, so as to prevent customers being vulnerable to POODLE.

David Black made changes - 19/Jan/2015 2:42 AM

Description	Original: We can document how users can re-enable SSLv3 but we should by disable SSLv3 in the commented out tomcat TLS configuration, so as to prevent customers being vulnerable to POODLE.	New: We can document how users can re-enable SSLv3 but we should disable SSLv3 in the commented out tomcat TLS configuration so as to prevent customers being vulnerable to POODLE.
Summary	Original: Disable SSLv3 by in the commented out TLS tomcat configuration	New: Disable SSLv3 in the commented out TLS tomcat configuration

Assignee:: Unassigned

Reporter:: David Black

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 19/Jan/2015 2:34 AM

Updated:: 15/Aug/2019 7:04 AM

Resolved:: 18/Apr/2016 11:41 PM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates