Bug 57117

Summary: Increase the default cipher for HTTPS Test Script Recorder from SSLv3 to TLS
Product: JMeter Reporter: Milamber <milamber>
Component: HTTPAssignee: JMeter issues mailing list <issues>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: All   

Description Milamber 2014-10-19 15:30:55 UTC
The default cipher for the HTTPS Test Script Recorder (JMeter's proxy) is SSLv3. With the recent security issue (CVE-2014-3566) with this cipher, is better to upgrade to TLS (like the current default cipher for HTTP sampler).

Reference:
POODLE: SSLv3 vulnerability (CVE-2014-3566)
https://access.redhat.com/articles/1232123
Comment 1 Milamber 2014-10-19 15:43:44 UTC

URL: http://svn.apache.org/r1632947
Log:
Increase the default cipher for HTTPS Test Script Recorder from SSLv3 to TLS
Edit the proxy.ssl.protocol property in jmeter.properties to return to SSLv3
Bugzilla Id: 57117

Modified:
    jmeter/trunk/bin/jmeter.properties
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java
    jmeter/trunk/xdocs/changes.xml