Freeze Break: SSLv3
T.C. Hollingsworth
tchollingsworth at gmail.com
Wed Oct 15 06:06:08 UTC 2014
On Tue, Oct 14, 2014 at 9:03 PM, Kevin Fenzi <kevin at scrye.com> wrote:
> Sadly, I didn't test auth connections, and they are broken.
>
> Seems koji hard codes SSLv3 as the one and only ssl method. ;(
>
> We will need to get a patch for koji before we can switch it over.
I fixed connecting to a private instance with the attached patch. I
was able to submit a scratch build to the Fedora koji with it applied
too.
Note that it only forces TLSv1 because pyOpenSSL in F20 doesn't seem
to support TLSv1.1 or TLSv1.2. :-(
-T.C.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-use-TLSv1-and-disable-SSLv3-to-avoid-POODLE-attacks.patch
Type: text/x-patch
Size: 1209 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20141014/f97dcdbf/attachment-0001.bin>
More information about the infrastructure
mailing list