Back to bug 1304812

Who When What Removed Added
Hubert Kario 2016-02-08 13:30:30 UTC QA Contact qe-baseos-security hkario
Nikos Mavrogiannopoulos 2016-02-11 12:44:49 UTC Blocks 1306607
Nikos Mavrogiannopoulos 2016-02-11 12:58:34 UTC CC emaldona, nmavrogi
Flags needinfo?(emaldona)
Elio Maldonado Batiz 2016-02-11 15:51:01 UTC Flags needinfo?(emaldona) needinfo?(rrelyea)
Nikos Mavrogiannopoulos 2016-02-11 15:55:24 UTC Flags needinfo?(rrelyea)
Tomas Hoger 2016-02-25 11:17:31 UTC CC thoger
Tomas Hoger 2016-02-25 12:39:29 UTC Depends On 1311981
Elio Maldonado Batiz 2016-03-03 16:02:48 UTC Attachment #1132852 Attachment description disable ssl2 suppprt - libssl part disable ssl2 suppport - libssl part
Elio Maldonado Batiz 2016-03-03 16:04:11 UTC Attachment #1132853 Attachment description disable ssl2 suppport - test scripts part disable ssl2 support - test scripts part
Elio Maldonado Batiz 2016-03-03 22:14:51 UTC Status NEW MODIFIED
Fixed In Version nss-3.21.0-5.el6
errata-xmlrpc 2016-03-03 22:19:01 UTC Status MODIFIED ON_QA
errata-xmlrpc 2016-04-05 13:28:13 UTC Status ON_QA VERIFIED
Jana Heves 2016-04-20 09:28:40 UTC CC jsvarova
Docs Contact jsvarova
Doc Text Support for SSLv2 has been disabled

SSLv2 is insecure and should not be used in current deployments, and thus has been disabled without a way to override. All modern browsers and frameworks can not negotiate SSLv2 connections in default configuration and many can not be configured to perform SSLv2 negotiation. Recent OpenSSL vulnerability (CVE-2015-3197) shows that keeping this code is a liability. In addition, upstream has already removed support for SSLv2 (MZBZ#1228555).
Doc Type Bug Fix Release Note
Lenka Špačková 2016-04-29 17:05:52 UTC Doc Text Support for SSLv2 has been disabled

SSLv2 is insecure and should not be used in current deployments, and thus has been disabled without a way to override. All modern browsers and frameworks can not negotiate SSLv2 connections in default configuration and many can not be configured to perform SSLv2 negotiation. Recent OpenSSL vulnerability (CVE-2015-3197) shows that keeping this code is a liability. In addition, upstream has already removed support for SSLv2 (MZBZ#1228555). 		Support for SSLv2 has been disabled

SSLv2 is insecure and should not be used in current deployments, and thus has been disabled without a way to override. All modern browsers and frameworks cannot negotiate SSLv2 connections in default configuration and many cannot be configured to perform SSLv2 negotiation. Recent OpenSSL vulnerability (CVE-2015-3197) shows that keeping this code is a liability. In addition, upstream has already removed support for SSLv2 (MZBZ#1228555).
Jana Heves 2016-05-09 09:51:17 UTC Doc Text Support for SSLv2 has been disabled

SSLv2 is insecure and should not be used in current deployments, and thus has been disabled without a way to override. All modern browsers and frameworks cannot negotiate SSLv2 connections in default configuration and many cannot be configured to perform SSLv2 negotiation. Recent OpenSSL vulnerability (CVE-2015-3197) shows that keeping this code is a liability. In addition, upstream has already removed support for SSLv2 (MZBZ#1228555). 		Support for SSLv2 has been disabled

SSLv2 is insecure and should not be used in current deployments, and thus has been disabled without a way to override. All modern browsers and frameworks cannot negotiate SSLv2 connections in default configuration and many cannot be configured to perform SSLv2 negotiation. A recent OpenSSL vulnerability (CVE-2015-3197) shows that keeping this code is a liability. In addition, upstream has already removed support for SSLv2 (MZBZ#1228555).
errata-xmlrpc 2016-05-09 16:40:07 UTC Status VERIFIED RELEASE_PENDING
errata-xmlrpc 2016-05-10 21:10:20 UTC Status RELEASE_PENDING CLOSED
Resolution --- ERRATA
Last Closed 2016-05-10 17:10:20 UTC

Back to bug 1304812