Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 3.1.0
Affects Version/s: 2.5.1, 3.0, 3.0.2
Component/s: memcached
Security Level: Public
Labels:
None

Triage:
Untriaged
Flagged:

Release Note
Is this a Regression?:
No

Description

Poodle attack described here: http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html

More user friendly description here: http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html

My thinking is we currently fix this for 3.0.1 and then create an MB to backport to 2.5.2 whenever that ships.

Suggested fix: remove SSL v3 support in the versions the server SSL socket supports.

Attachments

Issue Links

blocks

MB-14772 3.1.0 Minor Release

Resolved

relates to

MB-12358 Remove support for SSL v3 in ns_server SSL server sockets to mitigate against the POODLE attack

Resolved

MB-12359 Remove support for SSL v3 in memcached SSL server sockets to mitigate against the POODLE attack

Closed

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Trond Norbye

Reporter:: Dave Finlay

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 13/May/15 5:50 PM

Updated:: 13/Jul/15 2:26 PM

Resolved:: 19/May/15 5:05 AM

Gerrit Reviews

There are no open Gerrit changes

PagerDuty