Posted to dev@ofbiz.apache.org by HRC Boston <hr...@gmail.com> on 2014/11/02 21:29:31 UTC

Ofbiz 09-04 and poodle bleed fix

Hi there--

This topic seems relevant to the design of ofbiz since it is a major
security issue that has recently come up.

I am in the process of trying to disable sslv3 on our version of ofbiz 09-04,
which uses tomcat 5.5.

This is to eliminate the security vulnerability from poodle bleed.
http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed

We have tried updating the ofbiz-containers.xml file like below, but it
did not disable sslv3. Poodle is still there.

I have also seen fixes that update server.xml with something similar.

<property name="sslProtocol" value="TLS"/>
<property name="sslEnabledProtocols" value="TLSv1,TLSv1.1,TLSv1.2"/>

Has anyone else had luck fixing the poodle issue on Apache ofbiz version
09-04?

Thanks!

poodle bleed fixer :)
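
One way to check whether an HTTPS connector still negotiates SSLv3 after a configuration change like the one in the message above. This is an added example, not part of the original post and not OFBiz or Tomcat code; the function names, the port 8443 default and the sample replies are assumptions made for illustration.

```python
import os
import socket
import struct
import sys

SSL3 = (3, 0)  # SSLv3 on the wire is version 3.0

def build_sslv3_client_hello():
    """Build one SSLv3 record holding a ClientHello whose highest version is 3.0."""
    suites = struct.pack(">4H", 0x002F, 0x0035, 0x000A, 0x0005)  # RSA AES/3DES/RC4
    body = (bytes(SSL3) + os.urandom(32)              # client_version, random
            + b"\x00"                                 # empty session id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00")                            # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(SSL3) + struct.pack(">H", len(handshake)) + handshake

def classify_reply(data):
    """Map the server's first bytes to 'accepted', 'rejected' or 'unknown'."""
    if not data or data[0] == 0x15:      # closed connection or TLS alert
        return "rejected"
    # Handshake record (0x16) carrying a ServerHello (type 0x02); the
    # negotiated version sits at offsets 9-10, after the two headers.
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02:
        return "accepted" if (data[9], data[10]) == SSL3 else "unknown"
    return "unknown"

def probe(host, port=8443, timeout=5.0):
    """Send the hello to host:port (8443 is an assumed port) and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sslv3_client_hello())
        try:
            data = s.recv(4096)
        except ConnectionResetError:
            data = b""
    return classify_reply(data)

# Constructed sample replies (not captured traffic), so the parser runs offline.
SAMPLE_ALERT = bytes.fromhex("15030000020228")   # fatal handshake_failure alert
SAMPLE_SERVER_HELLO = bytes.fromhex("160300002a020000260300") + bytes(36)

if __name__ == "__main__":
    print(classify_reply(SAMPLE_ALERT), classify_reply(SAMPLE_SERVER_HELLO))
    if len(sys.argv) > 1:  # usage: script.py HOST [PORT]
        print("SSLv3:", probe(sys.argv[1], *map(int, sys.argv[2:3])))
```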