1165463 – (6.3.z) HornetQ: Disallow SSLv3 [6.3.z][defense-in-depth]

Bug 1165463 - (6.3.z) HornetQ: Disallow SSLv3 [6.3.z][defense-in-depth]

Summary: (6.3.z) HornetQ: Disallow SSLv3 [6.3.z][defense-in-depth]

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	HornetQ
Sub Component:
Version:	6.3.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	CR1
Target Release:	EAP 6.3.3
Assignee:	baranowb
QA Contact:	Miroslav Novak
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1127075 (view as bug list)
Depends On:	1165456
Blocks:	1149127 eap633-payload
TreeView+	depends on / blocked

Reported:	2014-11-19 02:27 UTC by Arun Babu Neelicattu
Modified:	2019-08-19 12:40 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-08-19 12:40:41 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	1475943	0	None	None	None	2016-02-29 23:13:23 UTC

Description Arun Babu Neelicattu 2014-11-19 02:27:25 UTC

In light of POODLE, it is recommended that the use of SSLv3 be disabled as a hardening measure. This has been already done upstream via jira HORNETQ-1444. The relevant upstream commit is at [1]. We also recommend SSL support be dropped in favor of TLS protocols if feasible.

[1] https://github.com/hornetq/hornetq/commit/e9825f22568eacfb40058ce5177497cbaf2af1a0

Comment 5 Miroslav Novak 2015-01-19 13:05:17 UTC

Verified in EAP 6.3.3.CP.CR1.

Comment 9 [DISABLED] 2015-05-11 13:17:02 UTC

Thanks Tim :)

Comment 10 Jason Shepherd 2015-07-10 02:54:26 UTC

*** Bug 1127075 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.