Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-7595

disable insecure SSL protocols by default in jetty HTTPS sample configuration

Details

    • Improvement
    • Resolution: Fixed
    • Major
    • 2.11, 3.0.0-m3
    • 2.10
    • Security
    • None
    • 0.5
    • Sprint 29

    Description

      As a best practice and in response to poodle.io, Nexus jetty-https.xml config files should disableinsecure protocols by default going forward.

      This effectively means disabling SSLv* protocols at present.

      Jetty 9.3 proper is doing this going forward.

      https://bugs.eclipse.org/bugs/show_bug.cgi?id=447381

      Attachments

        Activity

          People

            cstamas Tamás Cservenák
            plynch Peter Lynch
            Peter Lynch Peter Lynch
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              tigCommentSecurity.panel-title