Context Navigation

Modify ↓

#11167 closed defect (fixed)

disable SSL v3 for josm.openstreetmap.de

Reported by:	aseerel4c26	Owned by:	stoecker
Priority:	normal	Milestone:
Component:	Trac	Version:
Keywords:	ssl homepage security	Cc:

Description

Please see and improve on https://www.ssllabs.com/ssltest/analyze.html?d=josm.openstreetmap.de

Most importantly: "This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate."

Does anyone really need that protocol from the nineties?! According to the qualys article a major issue is "Internet Explorer 6 on Windows XP". But.. ehm.. yes, enough said.

Of course there is other stuff to work on (RC4 for example), but that is not that important and likely is more difficult. Disabling SSL just needs a tiny config change on the web server.

Thank you!

Attachments (0)

Change History (3)

comment:1 by Don-vip, 9 years ago

Component:	unspecified → Trac
Owner:	changed from team to stoecker

comment:2 by stoecker, 9 years ago

Resolution:	→ fixed
Status:	new → closed

Fixed. Was an omission in server move.

I killed the anyway unsupported Java6 with this update. Report issues in case that was too much :-)

comment:3 by aseerel4c26, 9 years ago

Grade A - perfect, thanks! :-)

Modify Ticket

Change Properties

Summary:
Type:		Priority:
Milestone:		Component:
Version:		Keywords:
Cc:	Set your email in Preferences

Action

leave as closed The owner will remain stoecker.

change resolution as The resolution will be set.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: