[NEXUS-7595] disable insecure SSL protocols by default in jetty HTTPS sample configuration - Sonatype JIRA

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.10
Fix Version/s: 2.11, 3.0.0-m3
Component/s: Security
Labels:
None

Story Points:
0.5
Sprint:
Sprint 29

Description

As a best practice and in response to poodle.io, Nexus jetty-https.xml config files should disableinsecure protocols by default going forward.

This effectively means disabling SSLv* protocols at present.

Jetty 9.3 proper is doing this going forward.

https://bugs.eclipse.org/bugs/show_bug.cgi?id=447381

Attachments

Activity

People

Assignee:

Tamás Cservenák

Reporter:

Peter Lynch

Last Updated By:

Tamás Cservenák

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

10/17/14 07:35 PM

Updated:

11/07/14 11:30 AM

Resolved:

11/07/14 11:30 AM

Date of First Response:

29/Oct/14 11:16 AM