[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Downloadable carts and reflector fixes for SSLv3 bug



rubygem-httpclient-2.4.0-1.el6oso
and
ruby193-rubygem-httpclient-2.4.0-1.el6oso

have been pushed to the openshift origin nightly repo.

Troy

On 10/15/2014 02:16 PM, Jordan Liggitt wrote:
> You can also update httpclient to 2.4.0, which stops hard-coding ssl v3
> and allows ssl negotiation:
> 
> https://github.com/nahi/httpclient/commit/94c4ea668d34d5b11eeddd5d58fa9487ee24c02e
> 
> 
> 
> On 10/15/2014 03:13 PM, Mateus Caruccio wrote:
>> Hi there.
>>
>> After half the world disabled it's SSLv3 support, downloadable
>> cartridges has stoped to work when using HTTPS manifest files on OO
>> release-3. the problem lies on HTTPClient gem, which seams to use
>> SSLv3 by default and refuses to switch to TLS on-the-fly.
>>
>> We have patched r3 in order to allow TLSv1 only on downloadable
>> carts: https://github.com/getupcloud/origin-server/commit/8212fdf2c6eed36900237ff13cb38a22329dceec
>>
>> Could someone please validade if it's ok, and point any other place we
>> may be ignoring?
>>
>> Also, if you have your own running cart reflector, here is a patch to
>> allow it to download from github:
>> https://github.com/smarterclayton/cartridge-reflector/pull/9
>>
>> Regards,
>> *Mateus Caruccio*
>> Master of Puppets
>>
>> +55 (51) 8298.0026
>> gtalk: _mateus caruccio getupcloud com
>> <mailto:diogo goebel getupcloud com>
>> twitter: @MateusCaruccio <https://twitter.com/MateusCaruccio>
>>
>> _
>>
>> This message and any attachment are solely for the intended
>> recipient and may contain confidential or privileged information
>> and it can not be forwarded or shared without permission.
>> Thank you!
>>
>>
>>
>> _______________________________________________
>> dev mailing list
>> dev lists openshift redhat com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
> 
> 
> 
> _______________________________________________
> dev mailing list
> dev lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
> 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]