$ JENKINS_HOME=/tmp/POODLE java -jar .../war/target/jenkins.war --httpsPort=4430 & # wait until started... $ if echo Q | openssl s_client -connect localhost:4430 -ssl3 2>&1 | grep -q "Cipher.*0000"; then echo "SSLv3 disabled"; else echo "SSLv3 enabled"; fi SSLv3 enabled
It ought to be blocked by default.
- is related to
-
JENKINS-23925 SSL weak ciphers
-
- Resolved
-
[JENKINS-25169] Winstone potentially vulnerable to POODLE (CVE-2014-3566)
Link |
New:
This issue is related to |
Resolution | New: Fixed [ 1 ] | |
Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
Resolution | Original: Fixed [ 1 ] | |
Status | Original: Resolved [ 5 ] | New: Reopened [ 4 ] |
Assignee | New: Kohsuke Kawaguchi [ kohsuke ] |
Summary | Original: Winstone potentially vulnerable to POODLE | New: Winstone potentially vulnerable to POODLE (CVE-2014-3566) |
Resolution | New: Fixed [ 1 ] | |
Status | Original: Reopened [ 4 ] | New: Resolved [ 5 ] |
Workflow | Original: JNJira [ 159078 ] | New: JNJira + In-Review [ 195983 ] |