Winstone potentially vulnerable to POODLE (CVE-2014-3566)

This issue is archived. You can view it, but you can't modify it. Learn more

XMLWordPrintable

      $ JENKINS_HOME=/tmp/POODLE java -jar .../war/target/jenkins.war --httpsPort=4430 &
# wait until started...
$ if echo Q | openssl s_client -connect localhost:4430 -ssl3 2>&1 | grep -q "Cipher.*0000"; then echo "SSLv3 disabled"; else echo "SSLv3 enabled"; fi
SSLv3 enabled

      It ought to be blocked by default.

            Assignee:
            Kohsuke Kawaguchi
            Reporter:
            Jesse Glick
            Archiver:
            Jenkins Service Account

              Created:
              Updated:
              Resolved:
              Archived: