[ https://issues.apache.org/jira/browse/HADOOP-11260?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14194997#comment-14194997 ]
Mike Yoder commented on HADOOP-11260: ------------------------------------- Some references for your reading enjoyment: * https://www.openssl.org/~bodo/ssl-poodle.pdf * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 * https://access.redhat.com/articles/1232123 * https://www.imperialviolet.org/2014/10/14/poodle.html * https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html * http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html * http://blog.erratasec.com/2014/10/some-poodle-notes.html * http://www.thoughtcrime.org/blog/the-cryptographic-doom-principle/ * http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation * http://en.wikipedia.org/wiki/Transport_Layer_Security > Patch up Jetty to disable SSLv3 > ------------------------------- > > Key: HADOOP-11260 > URL: https://issues.apache.org/jira/browse/HADOOP-11260 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 2.5.1 > Reporter: Karthik Kambatla > Assignee: Mike Yoder > Priority: Blocker > Attachments: HADOOP-11260.001.patch > > > Hadoop uses an older version of Jetty that allows SSLv3. We should fix it up. -- This message was sent by Atlassian JIRA (v6.3.4#6332)