Bug #12380
closed
Task #11847: APIM 420 related bugs and improvements
API publishing is getting fail when ignoreHostnameVerification flag is false
Added by Rajitha Kumara 2 months ago.
Updated about 2 months ago.
Description
In a cloud deployment, the ignoreHostnameVerification flag must be false.
Inside:
Hostname verification is a little known part of HTTPS that involves a server identity check to ensure that the client is talking to the correct server and has not been redirected by a man in the middle attack
- Parent task set to #11847
- % Done changed from 0 to 100
- Type set to Platform
Fix : https://github.com/entgra/device-mgt-core/pull/21, https://github.com/entgra-proprietary/product-uem/pull/7
Starting with Java 8u31, SSLv3 was disabled by default in Java. Later versions, including Java 11 and beyond, completely removed support for SSLv3. (security vulnerability - AKA POODLE)
The followings were carried out,
- Removed deprecated okhttp ssl socket factory creation method and updated it to newer.
- Fix OSGi issues when package activating
- Update transport layer security to TLSv1.2 standards (removed SSLv3)
- Status changed from New to QA
- Status changed from QA to QA Accept
- Status changed from QA Accept to Closed
Make sure to define the tls.protocol system property in the iot-server script.
Also available in: Atom
PDF