You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2014/11/18 10:03:34 UTC
[jira] [Created] (OFBIZ-5881) Upsate embedded Tomcat to 7.0.57
Jacques Le Roux created OFBIZ-5881:
--------------------------------------
Summary: Upsate embedded Tomcat to 7.0.57
Key: OFBIZ-5881
URL: https://issues.apache.org/jira/browse/OFBIZ-5881
Project: OFBiz
Issue Type: Improvement
Components: framework
Affects Versions: Trunk
Reporter: Jacques Le Roux
Assignee: Jacques Le Roux
Priority: Minor
Fix For: Upcoming Branch
See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html for details
Notably related to OFBIZ-5848 (Poodle) changes in Coyote:
* Add support for TLSv1.1 and TLSv1.2 for APR connector. Based upon a patch by Marcel Ĺ ebek. This feature requires Tomcat Native library 1.1.32 or later. (schultz/jfclere)
* add Disable SSLv3 by default for JSSE based HTTPS connectors (BIO and NIO). The change also ensures that SSLv2 is disabled for these connectors although SSLv2 should already be disabled by default by the JRE. (markt)
* add Disable SSLv3 by default for the APR/native HTTPS connector. (markt)
I will test later if we can get rid of forcing TLSv2 in OFBiz
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)