PacketFence
Bug Tracking System

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001866PacketFencesecuritypublic2015-02-11 16:222015-02-18 10:47
Reporterae3 
Assigned Tolmunro 
PriorityhighSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformLinuxOSRHEL / CentOSOS Version6
Product Version4.6.0 
Target VersionFixed in Version 
Summary0001866: Disable SSLv3 on web servers for POODLE
Description(This applies to version 4.6.0, which is still not available in the pull-down)

SSLv3 is enabled by default in Apache config files. Not a best common practice with POODLE on the loose.
Steps To ReproduceBoot PF, run this command from a Linux/Mac/Unix client, look for handshake error if SSLv3 is properly disabled:

openssl s_client -connect [hostname]:443 -ssl3

Additional InformationI edited the httpd.* files to pass our quarterly external audit, but this should be a permanent setting in the distributed config files IMO.
TagsNo tags attached.
fixed in git revision
fixed in mtn revision
Attached Files

- Relationships

-  Notes
(0003842)
lmunro (administrator)
2015-02-16 10:14

Working on it.
See pull request 344.
It needs some testing.
(0003843)
lmunro (administrator)
2015-02-16 10:50

Opened issue 345 on github.
https://github.com/inverse-inc/packetfence/issues/345 [^]
(0003850)
lmunro (administrator)
2015-02-18 10:47

Moved to github issue 0000345

- Issue History
Date Modified Username Field Change
2015-02-11 16:22 ae3 New Issue
2015-02-12 11:46 lmunro Assigned To => lmunro
2015-02-12 11:46 lmunro Status new => assigned
2015-02-12 11:46 lmunro Product Version 4.5.0 => 4.6.0
2015-02-16 10:14 lmunro Note Added: 0003842
2015-02-16 10:50 lmunro Note Added: 0003843
2015-02-18 10:47 lmunro Note Added: 0003850
2015-02-18 10:47 lmunro Status assigned => closed
2015-02-18 10:47 lmunro Resolution open => fixed


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker