4 Replies Latest reply on Feb 3, 2015 5:27 AM by sivasankar1631

How to enable TLSv1.2 only in JBoss AS 7.0.1 (Poodle TLSv1 issue)

sivasankar1631 Jan 29, 2015 4:26 AM

I am using JBoss AS 7.0.1. I was trying to disable all the protocols except TLSv1.2. I don know how to configure the xml file for this requirement.

https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls

https://www.us-cert.gov/ncas/alerts/TA14-290A

https://www.imperialviolet.org/2014/12/08/poodleagain.html

Above links talk about the Poodle TLS vulnerability.

I am trying to fix my application because of this issue. Could you please suggest any solution or work around for this issue.

Thanks in advance.

Regards,

Sivasankar

1. Re: How to enable TLSv1.2 only in JBoss AS 7.0.1 (Poodle TLSv1 issue)

ctomc Feb 2, 2015 8:30 AM (in response to sivasankar1631)

<ssl
....
protocol="TLSv1.2"
....
/>
1 of 1 people found this helpful
Actions
2. Re: How to enable TLSv1.2 only in JBoss AS 7.0.1 (Poodle TLSv1 issue)

sivasankar1631 Feb 2, 2015 12:57 PM (in response to ctomc)

<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="4506"/>
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" max-connections="150">
        <ssl name="https" password="password" certificate-key-file="server keystore path" protocol="TLSv1.2" verify-client="optional" ca-certificate-file="cert file path"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>

After changing the protocol value from "TLSv1,TLSv1.1,TLSv1.2" to "TLSv1.2", the service crashed. It didn't work. Pls look at the xml snippet above.
Actions
3. Re: How to enable TLSv1.2 only in JBoss AS 7.0.1 (Poodle TLSv1 issue)

ctomc Feb 2, 2015 4:23 PM (in response to sivasankar1631)

for TLS1.2 you need JDK7 or newer as support for it was added in 7
see http://docs.oracle.com/javase/7/docs/technotes/guides/security/enhancements-7.html for more.

in any case i would advise you to upgrade to something newer than 7.0 series...
Actions
4. Re: How to enable TLSv1.2 only in JBoss AS 7.0.1 (Poodle TLSv1 issue)

sivasankar1631 Feb 3, 2015 5:27 AM (in response to ctomc)

I was running my application with JDK 6. After upgrading the application with JDK7 it worked.
I appreciate your help Tomaz.
Thank you.
Actions

Go to original post