Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 4.5.0
Affects Version/s: 4.0.0, 4.1.0, 4.5.0
Component/s: XDCR
Labels:
None

Triage:
Untriaged
Is this a Regression?:
Unknown

Description

In SSL replication, when target cluster is of version 4.0 and up, XDCR attempts to do server name check in tls handshake. This is done incorrectly, though, and the server name check is effectively skipped. This creates an unnecessary vulnerability that needs to be fixed.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Yu Sui (Inactive)

Reporter:: Yu Sui (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Apr/16 5:34 PM

Updated:: 03/May/16 7:17 PM

Resolved:: 22/Apr/16 10:26 AM

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

MB-19325 fix server name to verify against in ssl over mem mode: Gerrit Review:

XDCR server name verification not effective in SSL over MEM mode

Details

Description

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty