stackoom
  简体   繁体   中英

Securing a Thrift server aginst the POODLE SSL vulnerability

 原文  2014-10-15 16:06:31       java/ security/ ssl/ thrift

Question

In order to secure my Thrift server against the recently discovered SSLv3 vulnerability , I explicitly stated which protocols should be enabled for the server socket: 

TServerSocket socket = TSSLTransportFactory.getServerSocket(...);
SSLServerSocket sslServerSocket = (SSLServerSocket) socket.getServerSocket;
sslServerSocket.setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});

However, even though a check using the TestSSLServer lists only TLSv1.1 and TLSv1.2, I'm still able to connect with OpenSSL using SSLv3: 

openssl s_client -connect localhost:1111 -ssl3

How can I entirely disable SSLv3 on Thrift, so it fails during the SSL handshake already?

1 answers

solution1
 2 ACCPTED  2014-10-20 14:43:03

It seems I misinterpreted the openssl client output. Even though there is CONNECTED(00000003) on the first line, the error message follows: 

140535757866656:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:

It is, therefore, not possible to connect to the server; the code snippet presented in the question works fine.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Glassfish 2.0 Poodle vulnerability - How to disable SSL and allow TLS only Which SSL Ciphers Should I Remove in Tomcat for the Poodle (SSL3) Vulnerability how to test POODLE vulnerability for Jboss 7AS Non-blocking SSL server using Thrift PayPal IPN stopped working with Tomcat/Open SSL after POODLE update Securing a connection checking SSL Certificate? Play server as a thrift endpoint? Poodle and Websphere ESB / Process Server trying to call an external TLS service hive thrift server is hanging Apache Thrift 2-way SSL mutual authentication
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM