2 Replies Latest reply on Jan 30, 2015 5:06 AM by pmm

disable SSLV3 in Jboss AS

sugunakar Jan 13, 2015 8:39 AM

Hi,

I was trying to disable the SSLV3 in the JBoss AS 7.1.1 standalone by using the below configuration.

But after applying this configuration still the jboss is supporing SSLV3 and SSLV2 as well along with TLS

Could you please suggest some solution for the same?

<ssl name="test-ssl" certificate-key-file="/opt/jboss-as-test/standalone/certs/test.pem" cipher-suite="AES128-SHA,DHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA

,AES256-SHA256,DES-CBC3-SHA,DHE-RSA-CAMELLIA256-SHA,CAMELLIA128-SHA,CAMELLIA256-SHA,DHE-RSA-DES-CBC3-SHA,DHE-RSA-CAMELLIA128-SHA" protocol="TLSv1,TLSv1.1,TLSv1.2" certificate-file="/opt/jboss-as-test/standalone/certs/test-cert.pem"/>

Thanks

Sugunakar

1. Re: disable SSLV3 in Jboss AS

sivasankar1631 Jan 29, 2015 3:57 AM (in response to sugunakar)

Even I am facing this issue. I am using JBoss AS 7.0.1.
I was trying to disable all the protocols except TLSv1.2. I don know how to configure the xml file for this requirement.

https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
https://www.us-cert.gov/ncas/alerts/TA14-290A

I am trying fix my application because of the Poodle TLS issue. Links provided above. Could you please suggest any solution or work around for this issue.

Regards,
Sivasankar
Actions
2. Re: disable SSLV3 in Jboss AS

pmm Jan 30, 2015 5:06 AM (in response to sivasankar1631)

we use

<connector>
<ssl protocol="TLSv1" />
</connector>
Actions

Go to original post