#11167 closed defect (fixed)
disable SSL v3 for josm.openstreetmap.de
Reported by: | aseerel4c26 | Owned by: | stoecker |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | Trac | Version: | |
Keywords: | ssl homepage security | Cc: |
Description
Please see and improve on https://www.ssllabs.com/ssltest/analyze.html?d=josm.openstreetmap.de
Most importantly: "This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate."
Does anyone really need that protocol from the nineties?! According to the qualys article a major issue is "Internet Explorer 6 on Windows XP". But.. ehm.. yes, enough said.
Of course there is other stuff to work on (RC4 for example), but that is not that important and likely is more difficult. Disabling SSL just needs a tiny config change on the web server.
Thank you!
Attachments (0)
Change History (3)
comment:1 by , 9 years ago
Component: | unspecified → Trac |
---|---|
Owner: | changed from | to
comment:2 by , 9 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed. Was an omission in server move.
I killed the anyway unsupported Java6 with this update. Report issues in case that was too much :-)