Disable SSLv3 and RC4 by default
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openstack-dashboard (Juju Charms Collection) |
Fix Released
|
High
|
Unassigned |
Bug Description
A default deployed (on 14.04) Openstack dashboard is vulnerable to both SSLv3 attacks and RC4. This affects all dashboards that run on 14.04.
IE support is generally not considered (especially below IE8), which means it's likely safe for us to disable SSLv3.
https:/
RC4 looks ok too, as most people will not be going through network proxies to reach the dashboard:
https:/
In both cases major websites will not be working for them if they use a web browser - and likely the dashboard won't be working correctly either.
Discussion about this taking place on ML here: https:/
For example, see:
(must ignore warnings and mismatches to run) https:/
https:/
Changed in openstack-dashboard (Juju Charms Collection): | |
status: | Fix Committed → Fix Released |
This change has already been committed in the master branch:
https:/ /github. com/openstack/ charm-openstack -dashboard/ commit/ 106f418f13c073b 1e7d4c57483f423 d5f4d0dd10