Mahir92 opened a new issue #4689:
URL: https://github.com/apache/cloudstack/issues/4689


   In file https://github.com/apache/cloudstack/blob/0f3f2a09370a18301db28ec3d28efe746b6437c9/plugins/network-elements/bigswitch/src/main/java/com/cloud/network/bigswitch/TrustingProtocolSocketFactory.java, line 71, the SSL protocol is used in the statement: SSLContext sc = SSLContext.getInstance("SSL");
   
   Impact: 
   
   An SSL DDoS attack targets the SSL handshake protocol either by sending 
worthless data to the SSL server which will result in connection issues for 
legitimate users or by abusing the SSL handshake protocol itself.
   
   Suggestions:
   
   Upgrade the implementation to “TLS”, and configure the https.protocols JVM option to include TLSv1.2.
   
   Useful links:
   
   https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https
   
   
https://www.appmarq.com/public/tqi,1039002,CWE-319-Avoid-using-Deprecated-SSL-protocols-to-secure-connection
   
   Please share with us your opinions/comments if there are any:
   
   Is the bug report helpful?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]
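
The change suggested in the issue, as an added example (not CloudStack code and not part of the original report): it prints which protocol versions each `SSLContext` name enables by default on the running JDK, then builds a client engine pinned to TLSv1.2 or newer. The class name `TlsProtocolCheck` and the `ALLOWED` list are assumptions made for illustration, and the printed defaults vary with the JDK version and its `jdk.tls.disabledAlgorithms` setting.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;

public class TlsProtocolCheck {
    // Assumption: TLSv1.2 is the minimum acceptable version, as the issue suggests.
    static final String[] ALLOWED = {"TLSv1.3", "TLSv1.2"};

    // Protocol versions a context created under this name enables by default.
    static String describe(String name) throws Exception {
        try {
            SSLContext sc = SSLContext.getInstance(name);
            sc.init(null, null, null); // JDK default key and trust managers
            return Arrays.toString(sc.getDefaultSSLParameters().getProtocols());
        } catch (NoSuchAlgorithmException e) {
            return "not available in this JDK";
        }
    }

    // Client engine restricted to the allowed versions this JDK supports.
    static SSLEngine hardenedClientEngine() throws Exception {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, null, null);
        SSLEngine engine = sc.createSSLEngine();
        engine.setUseClientMode(true);
        List<String> supported = Arrays.asList(engine.getSupportedProtocols());
        String[] enabled = Arrays.stream(ALLOWED)
                .filter(supported::contains)
                .toArray(String[]::new);
        if (enabled.length == 0) {
            throw new IllegalStateException("JDK supports none of " + Arrays.toString(ALLOWED));
        }
        engine.setEnabledProtocols(enabled);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        for (String name : new String[] {"SSL", "TLS", "TLSv1.2"}) {
            System.out.println(name + " -> " + describe(name));
        }
        System.out.println("hardened -> "
                + Arrays.toString(hardenedClientEngine().getEnabledProtocols()));
    }
}
```

Pinning the enabled protocols on the engine or socket keeps the floor at TLSv1.2 even if the JVM is started without the `https.protocols` option.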

