[NEXUS-7595] disable insecure SSL protocols by default in jetty HTTPS sample configuration - Sonatype JIRA

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.10
Fix Version/s: 2.11, 3.0.0-m3
Component/s: Security
Labels:
None

Story Points:
0.5
Sprint:
Sprint 29

Description

As a best practice and in response to poodle.io, Nexus jetty-https.xml config files should disableinsecure protocols by default going forward.

This effectively means disabling SSLv* protocols at present.

Jetty 9.3 proper is doing this going forward.

https://bugs.eclipse.org/bugs/show_bug.cgi?id=447381

Attachments

Activity

People

Assignee:: Tamás Cservenák

Reporter:: Peter Lynch

Last Updated By:: Peter Lynch

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 10/17/14 07:35 PM

Updated:: 11/07/14 11:30 AM

Resolved:: 11/07/14 11:30 AM

Date of First Response:: 29/Oct/14 11:16 AM

tigCommentSecurity.panel-title