[ale] Poodle and SSLv3 and java/tomcat/SLES OES mess

Brian Mathis brian.mathis+ale at betteradmin.com
Fri Oct 17 15:19:39 EDT 2014


It's a good idea to place Apache httpd or some other software in front of
your Java apps as a reverse proxy, and only expose httpd to the public.
SSL termination happens at the Apache level, so you can patch and make
config changes there instead.


❧ Brian Mathis
@orev


On Fri, Oct 17, 2014 at 1:33 PM, David Millians <millia at panix.com> wrote:

>
> ObBias: I hate java.
> ObStateOfMind: Now, more than ever.
>
> In remediating poodle, I'm now at the point on Sprockets where I have to
> deal with java. Or tomcat. Or whatever the hell in this mess of thousands
> of files is actually doing some serving. It's a SLES/Novell thing all under
> /opt. It doesn't appear that you configure it under /etc. No, that would be
> cheating. Also, jsvc.exec has no man page. Good Lord, you should see these
> two process lines.
>
> I hate Java. I hate that they named it after a beautiful place. I hate
> that I can't articulate how much I hate it. I hate that I hate it hate it
> hate it.
>
> Also, stupid cartoon character logo. And their mother dresses it funny.
>
> The obligatory Goog is insufficient to get me to a point to even START
> figuring out where I go to kill off the appropriate ciphers. Can somebody
> just point me to the right words to start?
>
> /we hates it, yes we does.
>
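The setup suggested in the reply above, sketched as an httpd virtual host. This is an added example, not part of the original thread; the hostname, certificate paths and the backend address 127.0.0.1:8080 are placeholders, and it assumes mod_ssl, mod_proxy and mod_proxy_http are loaded.

```apache
# Constructed example: hostname, certificate paths and backend port are placeholders.
<VirtualHost *:443>
    ServerName app.example.com

    # TLS terminates here, so protocol and cipher changes are made in httpd
    # and the Java application behind it is left alone.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/app.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/app.example.com.key

    # Weak: on httpd builds where "all" still includes SSLv3, this leaves
    # the protocol that POODLE depends on enabled.
    #SSLProtocol all

    # Corrected: everything except SSLv3.
    SSLProtocol all -SSLv3
    SSLHonorCipherOrder on

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # Plain HTTP to the Java connector on loopback (assumed port).
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

For httpd to be the only exposed listener, the Java connector behind it has to bind to loopback or be firewalled off from the public interface. Run `apachectl configtest` before reloading.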