Bug 1153313 - Disable SSLv3 to mitigate POODLE CVE-2014-3566
Summary: Disable SSLv3 to mitigate POODLE CVE-2014-3566
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OKD
Classification: Red Hat
Component: Security
Version: 2.x
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Luke Meyer
QA Contact: Xiaoli Tian
URL:
Whiteboard:
Depends On:
Blocks: 1153319
TreeView+ depends on / blocked
 
Reported: 2014-10-15 18:23 UTC by Luke Meyer
Modified: 2015-07-07 23:44 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1153319 (view as bug list)
Environment:
Last Closed: 2015-07-07 23:44:26 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Luke Meyer 2014-10-15 18:23:48 UTC 
Description of problem:
Per https://access.redhat.com/articles/1232123 httpd configuration should disable the SSLv3 protocol.
Comment 1 Luke Meyer 2014-10-15 18:44:58 UTC 
https://github.com/openshift/origin-server/pull/5872
Comment 2 openshift-github-bot 2014-10-16 04:05:17 UTC 
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/77a0deb928071bac235dff804bbf506a9113e151
Bug 1153313: Disable SSLv3

Bug 1153313 - Disable SSLv3 to mitigate POODLE CVE-2014-3566
https://bugzilla.redhat.com/show_bug.cgi?id=1153313
Comment 3 Luke Meyer 2014-10-17 14:18:34 UTC 
Note this is Origin. I fully expect that Online devenvs control this configuration some other way.
Comment 4 Jianwei Hou 2015-05-15 10:40:10 UTC 
SSLv3 is disabled on online and origin. Mark this as verified.
Comment 5 openshift-github-bot 2015-06-11 20:01:50 UTC 
Commit pushed to master at https://github.com/openshift/li

https://github.com/openshift/li/commit/447b45d70987c60d5889d29ec59c9acbfd75ac2e
Bug 1153313 - Disable SSLv3

Probably irrelevant for online where confs come out of puppet, but best
to have devenvs match origin.
Note You need to log in before you can comment on or make changes to this bug.