Bug 57117 - Increase the default cipher for HTTPS Test Script Recorder from SSLv3 to TLS
Summary: Increase the default cipher for HTTPS Test Script Recorder from SSLv3 to TLS
Status: RESOLVED FIXED
Alias: None
Product: JMeter
Classification: Unclassified
Component: HTTP (show other bugs)
Version: unspecified
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: JMeter issues mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-19 15:30 UTC by Milamber
Modified: 2014-10-19 15:43 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Milamber 2014-10-19 15:30:55 UTC
The default cipher for the HTTPS Test Script Recorder (JMeter's proxy) is SSLv3. With the recent security issue (CVE-2014-3566) with this cipher, is better to upgrade to TLS (like the current default cipher for HTTP sampler).

Reference:
POODLE: SSLv3 vulnerability (CVE-2014-3566)
https://access.redhat.com/articles/1232123
Comment 1 Milamber 2014-10-19 15:43:44 UTC

URL: http://svn.apache.org/r1632947
Log:
Increase the default cipher for HTTPS Test Script Recorder from SSLv3 to TLS
Edit the proxy.ssl.protocol property in jmeter.properties to return to SSLv3
Bugzilla Id: 57117

Modified:
    jmeter/trunk/bin/jmeter.properties
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/proxy/Proxy.java
    jmeter/trunk/xdocs/changes.xml