Disable SSLv3 on Tomcat

Description

SSLv3 should be disabled on tomcat to prevent the POODLE vulnerability bug (https://www.openssl.org/~bodo/ssl-poodle.pdf)

Environment

None

Attachments

03 Nov 2014, 01:57 PM

Activity

Show:

Carlos Ruiz March 18, 2015 at 8:25 PM

Thanks @Hesham Ahmed, I'm not integrating this patch as r3 moved to jetty, but I think it deserves a wiki page explaining how to secure the default tomcat and pointing to the patch here - and explaining to change server.xml in a running server

Hesham Ahmed November 3, 2014 at 1:57 PM

Fix attached

Won't Fix

Details

Assignee

Carlos Ruiz

Reporter

Hesham Ahmed

Labels

Security

Affects versions

2.1

Priority

Major

Created November 3, 2014 at 1:56 PM

Updated June 1, 2015 at 3:50 PM

Resolved March 18, 2015 at 8:25 PM

Configure