12 Replies Latest reply on Mar 10, 2016 4:41 AM by Martin Choma

    How to disable SSLv3

    Packiaraj Sakkanan Newbie

      How to disable SSLv3 in Wildfly 8.0. Following configuration

      <server-identities>

      <ssl protocol="TLSv1">

      <keystore path="https.keystore" relative-to="keystore.home" keystore-password="secret" alias="https" key-password="secret" />

      </ssl>

      </server-identities>

      falls back to SSLv3, if SSLv3 requested. Is there any way I can allow only "TLSv1, TLSv1.1, TLSv1.2".

      This setting is mandatory for us to fix POODLE vulnerability