[Bugs] [Bug 1155630] GlusterFS allows insecure SSL modes
bugzilla at redhat.com
bugzilla at redhat.com
Wed Oct 29 17:31:44 UTC 2014
https://bugzilla.redhat.com/show_bug.cgi?id=1155630
--- Comment #3 from Anand Avati <aavati at redhat.com> ---
COMMIT: http://review.gluster.org/8967 committed in release-3.4 by Kaleb
KEITHLEY (kkeithle at redhat.com)
------
commit 4dc4325a4c643b25fa7b670a30cf253491740d97
Author: Kaleb S. KEITHLEY <kkeithle at redhat.com>
Date: Wed Oct 22 10:25:29 2014 -0400
socket: disallow CBC cipher modes
This is related to CVE-2014-3566 a.k.a. POODLE.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566
POODLE is specific to CBC cipher modes in SSLv3. Because there is no
way to prevent SSLv3 fallback on a system with an unpatched version of
OpenSSL, users of such systems can only be protected by disallowing CBC
modes. The default cipher-mode specification in our code has been
changed accordingly.
cherry picked from http://review.gluster.org/#/c/8962/
BZ 1155328
Change-Id: Id38a7eb3ab55058a0ee5dda9cb4c62b49b1ab9cb
BUG: 1155630
Signed-off-by: Kaleb S. KEITHLEY <kkeithle at redhat.com>
Reviewed-on: http://review.gluster.org/8967
Reviewed-by: Jeff Darcy <jdarcy at redhat.com>
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=GORPzcfagv&a=cc_unsubscribe
More information about the Bugs
mailing list