You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by "Hrc Boston (JIRA)" <ji...@apache.org> on 2014/11/03 21:39:33 UTC

[jira] [Created] (OFBIZ-5848) Poodle-disable sslv3

Hrc Boston created OFBIZ-5848:
---------------------------------

             Summary: Poodle-disable sslv3
                 Key: OFBIZ-5848
                 URL: https://issues.apache.org/jira/browse/OFBIZ-5848
             Project: OFBiz
          Issue Type: Bug
    Affects Versions: Trunk
         Environment: unix
            Reporter: Hrc Boston
            Priority: Critical


Hi there-- 

This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. 

I am in process of trying to disable sslv3 on our version of of 
ofbiz 09-04, which uses tomcat 6. 

This is to eliminate the security vulnerability from poodle bleed. 
http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed

We have tried updating the of ofbiz-containers.xml file like below, but it 
did not disable sslv3. Poodle is still there. 

I have also seen fixes that update server.xml with something similar. 

<property name="sslProtocol" value="TLS"/>  
<property name="sslEnabledProtocols" value="TLSv1"/>  

Has anyone else had luck fixing the poodle issue on Apache ofbiz version 
09-04? 

Or in any of biz products… where is the best place to fix this in of biz??

Thanks! 

The Poodle fixer :)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)