livem / jain-sip

Automatically exported from code.google.com/p/jain-sip
0 stars 0 forks source link

Disable SSL protocols from default TLS Client Protocols to avoid Poodle Flaw #148

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
a number of news sources, corporations and the OpenSSL team reported yesterday 
14 October 2014 that version 3 of Secure Sockets Layer (SSLv3) is vulnerable at 
the protocol level. 
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ss
l-30.html
JAIN SIP has versions of SSL enabled by default for TLS. Those should be 
disabled to avoid any kind of security flaws.

See https://java.net/jira/browse/JSIP-482

Original issue reported on code.google.com by jean.deruelle on 16 Oct 2014 at 8:33

GoogleCodeExporter commented 9 years ago
This issue was updated by revision a933018488dc.

Move the defaults TLS enabled protocols to TLSv1.2, TLSv1.1, TLSv1

Original comment by jean.der...@telestax.com on 16 Oct 2014 at 8:49

GoogleCodeExporter commented 9 years ago

Original comment by jean.deruelle on 16 Oct 2014 at 8:51

GoogleCodeExporter commented 9 years ago
See https://telestax.atlassian.net/browse/JSIP-18

Original comment by jean.deruelle on 16 Oct 2014 at 9:05