View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003389 | 10000-002: Security | Spec | public | 2016-03-30 15:27 | 2018-04-03 16:25 |
| Reporter | randyarmstrong | Assigned To | Paul Hunkar | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Summary | 0003389: [DROWN] When using HTTPS certificates may be shared by multiple applications. SSLv2 must be disabled for all. | ||||
| Description | When using HTTPS certificates may be shared by multiple applications. SSLv2 must be disabled for all. For example, a web server could be running independently of the UA server and use the same TLS certificate. If this situation exists SSLv2 could be used compromise UA communication even though SSLv2 is not enabled for UA communication. | ||||
| Tags | No tags attached. | ||||
| Commit Version | |||||
| Fix Due Date | |||||
|
|
Add guidance to Part 2. |
|
|
HTTPS is a transport security and has no discussion in part 2, but a new section should be included to provided a discussion on transport layer security and how it affect OPC UA communication and any constraints that should be placed on Transport layer security |
|
|
Agreed to changes edited in telecon. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2016-03-30 15:27 | randyarmstrong | New Issue | |
| 2016-03-30 15:28 | randyarmstrong | Summary | When using HTTPS certificates may be shared by multiple applications. SSLv2 must be disabled for all. => [DROWN] When using HTTPS certificates may be shared by multiple applications. SSLv2 must be disabled for all. |
| 2016-04-26 16:48 | randyarmstrong | Note Added: 0006840 | |
| 2016-04-26 16:48 | randyarmstrong | Assigned To | => Paul Hunkar |
| 2016-04-26 16:48 | randyarmstrong | Status | new => assigned |
| 2016-04-26 16:49 | randyarmstrong | Project | Cyber Security => 10000-002: Security |
| 2016-04-26 16:49 | randyarmstrong | Category | weakness => Api Change |
| 2017-08-29 18:58 | Paul Hunkar | Category | Api Change => Spec |
| 2017-08-29 18:58 | Paul Hunkar | Target Version | => 1.04 |
| 2017-09-27 07:10 | Paul Hunkar | Note Added: 0008512 | |
| 2018-04-03 16:25 | Jim Luth | Note Added: 0008983 | |
| 2018-04-03 16:25 | Jim Luth | Status | assigned => closed |
| 2018-04-03 16:25 | Jim Luth | Resolution | open => fixed |
| 2018-04-03 16:25 | Jim Luth | Fixed in Version | => 1.04 |
