OpenSSL vulnerability


Dave Dash

Jun 5, 2014, 8:40:54 AM
to jenkins...@googlegroups.com
Does anybody know if Jenkins is susceptible to this:


Stephen Connolly

Jun 5, 2014, 8:47:06 AM
to jenkins...@googlegroups.com
Most people do not have Jenkins do the TLS transport directly but instead front Jenkins with an SSL engine if they need SSL... thus, more correctly, you should ask:

* have I configured my Jenkins instance to serve HTTPS
* did I use Jenkins's native container and its native TLS support or did I use Nginx/Apache HTTPD/HAProxy/etc

Once you have determined who is doing the TLS then you can ask whether the issue is present in that software...

IOW it is one of:

* The JVM
* Nginx
* Apache HTTPD
* HAProxy
* etc

Jenkins itself does not have a "private" SSL implementation


On 5 June 2014 13:40, Dave Dash <da...@pinterest.com> wrote:
Does anybody know if Jenkins is susceptible to this:



Dave Dash

Jun 5, 2014, 9:40:14 AM
to jenkins...@googlegroups.com
I wasn't worried so much about the web serving, since we front ours with a web server that proxies to HTTP, but about anything internal to Jenkins itself that I might not be thinking of.

Thanks, this confirms my thoughts.

