PhantomJS needs to default to secure SSL Protocols #12651

OverlordQ · 2014-10-15T21:32:33Z

Defaulting to SSLv3 is now a bad choice as it is provably broken.

mattrobenolt · 2014-10-15T22:26:52Z

👍

vitallium · 2014-10-16T06:15:28Z

Should we switch to TLS by default like the others?

dvdplm · 2014-10-16T10:03:53Z

For anyone else cruising by here, --ssl-protocol=[sslv3|sslv2|tlsv1|any'] is the workaround for post-POODLE phantomjs based issues. Running tests with --ssl-protocol=any works for us against our newly patched servers.

@estoner Thanks! :)

brian-c · 2014-10-16T15:53:14Z

👍

mattrobenolt · 2014-10-16T15:54:26Z

I'd vote for the default to be any and sslv3 is just removed entirely.

markstos · 2014-10-20T21:00:58Z

This issue is addressed by my recent pull request: #12663

ariya · 2014-10-25T15:56:37Z

Refer to #12655.

estoner mentioned this issue Oct 15, 2014

Testem/PhantomJS fails due to POODLE fix testem/testem#419

Closed

ariya closed this as completed Oct 25, 2014

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PhantomJS needs to default to secure SSL Protocols #12651

PhantomJS needs to default to secure SSL Protocols #12651

OverlordQ commented Oct 15, 2014

mattrobenolt commented Oct 15, 2014

vitallium commented Oct 16, 2014

dvdplm commented Oct 16, 2014

brian-c commented Oct 16, 2014

mattrobenolt commented Oct 16, 2014

markstos commented Oct 20, 2014

ariya commented Oct 25, 2014

PhantomJS needs to default to secure SSL Protocols #12651

PhantomJS needs to default to secure SSL Protocols #12651

Comments

OverlordQ commented Oct 15, 2014

mattrobenolt commented Oct 15, 2014

vitallium commented Oct 16, 2014

dvdplm commented Oct 16, 2014

brian-c commented Oct 16, 2014

mattrobenolt commented Oct 16, 2014

markstos commented Oct 20, 2014

ariya commented Oct 25, 2014