Modify

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#11167 closed defect (fixed)

disable SSL v3 for josm.openstreetmap.de

Reported by: aseerel4c26 Owned by: stoecker
Priority: normal Milestone:
Component: Trac Version:
Keywords: ssl homepage security Cc:

Description

Please see and improve on https://www.ssllabs.com/ssltest/analyze.html?d=josm.openstreetmap.de

Most importantly: "This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate."

Does anyone really need that protocol from the nineties?! According to the qualys article a major issue is "Internet Explorer 6 on Windows XP". But.. ehm.. yes, enough said.

Of course there is other stuff to work on (RC4 for example), but that is not that important and likely is more difficult. Disabling SSL just needs a tiny config change on the web server.

Thank you!

Attachments (0)

Change History (3)

comment:1 Changed 6 years ago by Don-vip

Component: unspecifiedTrac
Owner: changed from team to stoecker

comment:2 Changed 6 years ago by stoecker

Resolution: fixed
Status: newclosed

Fixed. Was an omission in server move.

I killed the anyway unsupported Java6 with this update. Report issues in case that was too much :-)

comment:3 Changed 6 years ago by aseerel4c26

Grade A - perfect, thanks! :-)

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain stoecker.
as The resolution will be set.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.