Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-7595

disable insecure SSL protocols by default in jetty HTTPS sample configuration

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.10
    • Fix Version/s: 2.11, 3.0.0-m3
    • Component/s: Security
    • Labels:
      None
    • Story Points:
      0.5
    • Sprint:
      Sprint 29

      Description

      As a best practice and in response to poodle.io, Nexus jetty-https.xml config files should disableinsecure protocols by default going forward.

      This effectively means disabling SSLv* protocols at present.

      Jetty 9.3 proper is doing this going forward.

      https://bugs.eclipse.org/bugs/show_bug.cgi?id=447381

        Attachments

          Activity

            People

            Assignee:
            cstamas Tamás Cservenák
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Peter Lynch Peter Lynch
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title