Anonymous | Login | 2024-11-22 23:07 EST |
Main | My View | View Issues | Change Log | Roadmap |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
ID | Project | Category | View Status | Date Submitted | Last Update | |||
0001866 | PacketFence | security | public | 2015-02-11 16:22 | 2015-02-18 10:47 | |||
Reporter | ae3 | |||||||
Assigned To | lmunro | |||||||
Priority | high | Severity | minor | Reproducibility | always | |||
Status | closed | Resolution | fixed | |||||
Platform | Linux | OS | RHEL / CentOS | OS Version | 6 | |||
Product Version | 4.6.0 | |||||||
Target Version | Fixed in Version | |||||||
Summary | 0001866: Disable SSLv3 on web servers for POODLE | |||||||
Description | (This applies to version 4.6.0, which is still not available in the pull-down) SSLv3 is enabled by default in Apache config files. Not a best common practice with POODLE on the loose. | |||||||
Steps To Reproduce | Boot PF, run this command from a Linux/Mac/Unix client, look for handshake error if SSLv3 is properly disabled: openssl s_client -connect [hostname]:443 -ssl3 | |||||||
Additional Information | I edited the httpd.* files to pass our quarterly external audit, but this should be a permanent setting in the distributed config files IMO. | |||||||
Tags | No tags attached. | |||||||
fixed in git revision | ||||||||
fixed in mtn revision | ||||||||
Attached Files | ||||||||
Notes | |
(0003842) lmunro (administrator) 2015-02-16 10:14 |
Working on it. See pull request 344. It needs some testing. |
(0003843) lmunro (administrator) 2015-02-16 10:50 |
Opened issue 345 on github. https://github.com/inverse-inc/packetfence/issues/345 [^] |
(0003850) lmunro (administrator) 2015-02-18 10:47 |
Moved to github issue 0000345 |
Issue History | |||
Date Modified | Username | Field | Change |
2015-02-11 16:22 | ae3 | New Issue | |
2015-02-12 11:46 | lmunro | Assigned To | => lmunro |
2015-02-12 11:46 | lmunro | Status | new => assigned |
2015-02-12 11:46 | lmunro | Product Version | 4.5.0 => 4.6.0 |
2015-02-16 10:14 | lmunro | Note Added: 0003842 | |
2015-02-16 10:50 | lmunro | Note Added: 0003843 | |
2015-02-18 10:47 | lmunro | Note Added: 0003850 | |
2015-02-18 10:47 | lmunro | Status | assigned => closed |
2015-02-18 10:47 | lmunro | Resolution | open => fixed |
Copyright © 2000 - 2012 MantisBT Group |