Details
-
Bug
-
Resolution: Fixed
-
Medium
-
None
-
None
Description
We can document how users can enable SSLv3 but we should disable SSLv3 in the commented out tomcat TLS configuration, so as to prevent customers being vulnerable to POODLE.
Attachments
Issue Links
- is incorporated by
-
CWD-4240 Upgrade tomcat to a version >= 7.0.55
-
- Closed
-
- relates to
-
CONFSERVER-35386 SSLv3 Is Not Disabled When sslProtocol is Set to TLS, Vulnerable to POODLE
-
- Closed
-