Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-7595

disable insecure SSL protocols by default in jetty HTTPS sample configuration

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.10
    • Fix Version/s: 2.11, 3.0.0-m3
    • Component/s: Security
    • Labels:
      None
    • Story Points:
      0.5
    • Sprint:
      Sprint 29

      Description

      As a best practice and in response to poodle.io, Nexus jetty-https.xml config files should disableinsecure protocols by default going forward.

      This effectively means disabling SSLv* protocols at present.

      Jetty 9.3 proper is doing this going forward.

      https://bugs.eclipse.org/bugs/show_bug.cgi?id=447381

        Attachments

          Activity

            People

            • Assignee:
              cstamas Tamás Cservenák
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Tamás Cservenák
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response: