How to disable SSLv3 on JBoss

rabbaa.gabriel Oct 19, 2011 5:50 AM

Hi,

in most documentation we can find information on how to configure HTTPS connection and information about sslProtocol.

in most of them we found:

sslProtocol="TLS", see example at How to enable ssl

in other documentation we can found that we can skip the command because by default it use TLSv1

But how to instruct jboss to not use SSLv3 because when we try to use some tools to check which protocol it support after starting the server, we found that SSLv3 is enable.

I apache we can found:

SSLProtocol -all +SSLv3

1. Re: How to disable SSLv3 on JBoss

ilya40umov Nov 21, 2011 10:11 AM (in response to rabbaa.gabriel)

Hi Gabriel,
We have a very similar issue(the only difference is that we need to disable TLS and make Jboss working only with SSLv3).
Have you found an answer or some work around?
Regards,
Ilya
Actions
2. Re: How to disable SSLv3 on JBoss

rabbaa.gabriel Nov 21, 2011 10:28 AM (in response to ilya40umov)

Hi Ilya,

Nothing new. I think the better thing for you is to disable (remove) the uneeded ciphers with will get the same result.
Actions

Go to original post