Uploaded image for project: 'QuickFIX/J'
  1. QuickFIX/J
  2. QFJ-818

SSL3 “POODLE” Vulnerability impact QuickFIXJ (bundle Apache MINA) ?

          Details

          • Type: Other
          • Status: Closed
          • Priority: Critical
          • Resolution: Incomplete
          • Affects Version/s: 1.5.3
          • Fix Version/s: None
          • Component/s: Networking
          • Labels:
          • Environment:
            quickfixj-all-1.5.3.jar
            mina-core-1.1.7.jar
            mina-filter-ssl-1.1.7.jar
            JRE 6.0.2

            Description

            Hi Support.
            I am developer implemented QuickFIXJ(Client side) got feed from QuickFIXJ(Feed Server side), It using SSL protocol, for my understand QuickFIXJ using Apache MINA for establish SSL protocol.

            According to the links below, seems that any SSL v3 got impact from the POODLE vulnerability..
            the "Poodle" vulnerability, released on October 14th, 2014, is an attack on the SSL 3.0 protocol. It is aprotocol flaw,
            http://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability

            Could you help me provide information please?
            1. What's SSL protocol version using in Apache MINA? <= I try to find information unfortunate i not found it.

            2. The “POODLE” Vulnerability will impact with QuickFIXJ (using Apache MINA) if Yes, Can you provide solution to prevent it?

            Thank you very much
            Surachai C.

              Attachments

                Activity

                  People

                  • Assignee:
                    Unassigned
                    Reporter:
                    sceaky surachai chatsomsiri
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    2 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: