HI Nair,
it appears we are, as JX uses the native java SSL support, and allows
downgrading from TLS.
There seem to be two fixes:
a: (best) disable SSLv3 support on the ldap server (you should probably
do this anyway)
b: in JXplorer, change the config value "option.ssl.protocol" from
"any" to "TLSv1" (I haven't tested this however).
- Chris
-----
*Dr Christopher Betts*
Australian Cloud Identity
http://cloudidentity.com.au
m: 0408 533 456
Post by Nair, Sandeep S Hi,
Is Jxplorer vulnerable to the poodle SSLv3 vulnerability (CVE-2014-3566)?
Thanks
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
Jxplorer-users mailing list
https://lists.sourceforge.net/lists/listinfo/jxplorer-users