$ JENKINS_HOME=/tmp/POODLE java -jar .../war/target/jenkins.war --httpsPort=4430 & # wait until started... $ if echo Q | openssl s_client -connect localhost:4430 -ssl3 2>&1 | grep -q "Cipher.*0000"; then echo "SSLv3 disabled"; else echo "SSLv3 enabled"; fi SSLv3 enabled
It ought to be blocked by default.
- is related to
-
JENKINS-23925 SSL weak ciphers
-
- Resolved
-
Code changed in jenkins
User: Kohsuke Kawaguchi
Path:
war/pom.xml
http://jenkins-ci.org/commit/jenkins/15fbd281b8df0a7894a0f4e6d2c65b0fbf0f8a87
Log:
[FIXED JENKINS-25169]
Integrated the new winstone.jar for 1.580.1
(cherry picked from commit 7c2254fbf8d643dc58673d01c97fd855f983d4bf)
Conflicts:
changelog.html
war/pom.xml