[CWD-4214] Disable SSLv3 in the commented out TLS tomcat configuration

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.8.4
Affects Version/s: None
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

We can document how users can enable SSLv3 but we should disable SSLv3 in the commented out tomcat TLS configuration, so as to prevent customers being vulnerable to POODLE.

is incorporated by

CWD-4240 Upgrade tomcat to a version >= 7.0.55

Closed

relates to

CONFSERVER-35386 SSLv3 Is Not Disabled When sslProtocol is Set to TLS, Vulnerable to POODLE

Closed

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: David Black

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 19/Jan/2015 2:34 AM

Updated:: 15/Aug/2019 7:04 AM

Resolved:: 18/Apr/2016 11:41 PM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates