request #7999 Default Apache conf provided with Tuleap still allow SSLv3 and weak ciphers

Infos

Artifact ID#7999

Submitted byThomas Gerbet (tgerbet)

Last Modified On2015-06-29 09:39

Submitted on2015-04-13 16:56

Rank8018

Details

Summary *

Default Apache conf provided with Tuleap still allow SSLv3 and weak ciphers

Original Submission

The configuration file provided by Tuleap is outdated and allow the use of deprecated protocol and/or weak ciphers.

References
CVE-2014-3566
CVE-2011-3389

CategoryInstallation process

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toEmpty

StatusClosed

Close date2015-06-29

Attachments

AttachmentsEmpty

References

Cross references

Referencing request #7999

Artifact Tracker v5

rel #8180 8.4

Git commit

tuleap/tuleap/stable

Merge commit 'refs/changes/63/3863/4' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD d6512e11e6

Yannis ROSSETTO (rossettoy) , 2015-06-29 09:37

request #7999: Disallow SSLv3 and weak ciphers in the default Apache configuration 78839f29ec

Thomas Gerbet (tgerbet) , 2015-06-26 16:04

Show items referenced by request #7999

Referenced by request #7999

Other

gerrit #3863

Follow-ups

Yannis ROSSETTO (rossettoy)

2015-06-29 09:39

Merged in Tuleap 8.3.99.5

Status changed from Under review to Closed
Close date set to 2015-06-29

Thomas Gerbet (tgerbet)

2015-04-13 17:18

A patch is under review: gerrit #3863.

Status changed from Under implementation to Under review

Public