[asterisk-bugs] [JIRA] (ASTERISK-24425) [patch] jabber/xmpp to use TLS instead of SSLv3, security fix POODLE (CVE-2014-3566)
abelbeck (JIRA)
noreply at issues.asterisk.org
Thu Oct 16 11:09:28 CDT 2014
abelbeck created ASTERISK-24425:
-----------------------------------
Summary: [patch] jabber/xmpp to use TLS instead of SSLv3, security fix POODLE (CVE-2014-3566)
Key: ASTERISK-24425
URL: https://issues.asterisk.org/jira/browse/ASTERISK-24425
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Resources/res_jabber, Resources/res_xmpp
Affects Versions: 11.13.0, 1.8.31.0, SVN
Environment: AstLinux with Prosody 0.9.6
Reporter: abelbeck
Asterisk's Jabber and XMPP implementations strictly use SSLv3, which has the POODLE (CVE-2014-3566) security issue.
The attached patches force a TLS method instead of SSLv3.
Full disclosure, this is my first forte into OpenSSL specifics and my knowledge is all from online research. There may be a better way.
This works in my limited testing.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list