Publish OSSN to advise about POODLE SSLv3 vulnerability
Bug #1382270 reported by
Nathan Kinder
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Security Notes |
Fix Released
|
Undecided
|
Bryan D. Payne | ||
Bug Description
We should publish an OSSN to discuss how the POODLE SSLv3 vulnerability might affect an OpenStack deployment. There are many variances between deployents, so we should likely just highlight areas that are affected and general advice about disabling SSLv3 on the server and client side. We should also mention common software that is used for SSL in an OpenStack deployment, such as:
- Apache httpd (mod_ssl/mod_nss)
- Nginx
- Stud
- Pound
- HAProxy
- Eventlet
It's too much to write up a how-to for every possible piece of software that is used, but at least pointing out where to look would help deployers in tracking down the proper documentation for disabling SSLv3.
| Changed in ossn: | |
| assignee: | nobody → Bryan D. Payne (bdpayne) |
| Changed in ossn: | |
| status: | New → In Progress |
Revision history for this message
| Nathan Kinder (nkinder) wrote | #1 |
| Changed in ossn: | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
This was published as OSSN-0039:
https:/