How to disable the SSLv3 vulnerability in Tomcat 7

Any software that uses the SSLv3 protocol needs to be updated, because SSLv3 is an older, outdated version of the protocol. Much earlier software still works with SSLv3. Attackers can easily gain access to resources. Any software or service that uses SSLv3 is exposed to the POODLE vulnerability. In Tomcat, SSLv3 can be disabled as shown below.

    <!-- HTTPS connector: sslEnabledProtocols lists only TLS versions, so SSLv3 is not enabled -->
    <Connector port="443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
               connectionTimeout="100000"
               keystoreFile="/cer/test.cer" keystorePass="test"/>

The important attributes here are sslProtocol and sslEnabledProtocols. Because sslEnabledProtocols lists only TLS versions, the connector does not enable SSLv3.
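
To check an existing server.xml for connectors that still allow SSLv3, the following Python script can be used. It is an added example, not part of the original post: the sample server.xml content and the function name audit_connectors are constructed for illustration, and it assumes that a connector with no sslEnabledProtocols attribute should be flagged for manual review.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the original post).
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,SSLv3"/>
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"/>
  </Service>
</Server>
"""


def audit_connectors(server_xml):
    """Return {port: finding} for every SSL-enabled Connector in server_xml.

    Findings (hypothetical labels used by this example):
      OK           - sslEnabledProtocols is set and lists no SSL-family name
      LEGACY:<...> - sslEnabledProtocols lists SSLv3 or another SSL* name
      UNSET        - no sslEnabledProtocols, protocol list left to defaults
    """
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").strip().lower() != "true":
            continue  # not an SSL connector, nothing to check
        port = conn.get("port", "?")
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            findings[port] = "UNSET"
            continue
        protos = [p.strip() for p in enabled.split(",") if p.strip()]
        # Any name beginning with "SSL" (SSLv3, SSLv2Hello, ...) is legacy.
        bad = sorted(p for p in protos if p.lower().startswith("ssl"))
        findings[port] = ("LEGACY:" + ",".join(bad)) if bad else "OK"
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML).items():
        print(f"port {port}: {finding}")
```

To audit a real installation, pass the text of its server.xml to audit_connectors instead of the constructed sample.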

