logstash-forwarder and logstash -- susceptibility to POODLE vulnerability
The combination of Logstash Forwarder and Lumberjack input (and
output) was vulnerable to the POODLE attack in SSLv3 protocol. We
have disabled SSLv3 for this combination and set the minimum version
to be TLSv1.0. We have added this vulnerability to our CVE page and
are working on filling out the CVE.
Thanks to Tray Torrance, Marc Chadwick, and David Arena for
SSLv3 is no longer supported; TLS 1.0+ is required (compatible
with Logstash 1.4.2+).
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright