Author: jleroux Date: Wed Nov 5 13:19:10 2014 New Revision: 1636869 URL: http://svn.apache.org/r1636869 Log: Fixes the Poodle vulnerability following indications from "The Poodle fixer" at https://issues.apache.org/jira/browse/OFBIZ-5848
Note that this fix requires to use at least Tomcat 6.0.32 as explained at https://blogs.atlassian.com/2014/10/ssl-poodle/#comment-190966 Modified: ofbiz/trunk/specialpurpose/appserver/templates/tomcat6/server.xml Modified: ofbiz/trunk/specialpurpose/appserver/templates/tomcat6/server.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/appserver/templates/tomcat6/server.xml?rev=1636869&r1=1636868&r2=1636869&view=diff ============================================================================== --- ofbiz/trunk/specialpurpose/appserver/templates/tomcat6/server.xml (original) +++ ofbiz/trunk/specialpurpose/appserver/templates/tomcat6/server.xml Wed Nov 5 13:19:10 2014 @@ -80,7 +80,7 @@ described in the APR documentation --> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" - clientAuth="false" sslProtocol="TLS" + clientAuth="false" sslProtocol="TLSv1.1" protocols="TLSv1.1" keystoreFile="${ofbizHome}/framework/base/config/ofbizssl.jks" keystorePass="changeit"/>
