[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14196045#comment-14196045 ]
Nicolas Malin commented on OFBIZ-5848: -------------------------------------- Hello ... the poodle fixer ? :) As OFBiz 09.04 haven't an official support, I don't think that your correction will be present on a future package. But can you associate your patch to fix this issues ? It's interesting for all production site that still work with this release. > Poodle-disable sslv3 > -------------------- > > Key: OFBIZ-5848 > URL: https://issues.apache.org/jira/browse/OFBIZ-5848 > Project: OFBiz > Issue Type: Bug > Affects Versions: Trunk > Environment: unix > Reporter: Hrc Boston > Priority: Critical > Labels: patch, security > > Hi there-- > This topic seemed relevant because it is a major security issue that recently > came up and will affect many ecommerce sites for ofbiz. > I am in process of trying to disable sslv3 on our version of of > ofbiz 09-04, which uses tomcat 6. > This is to eliminate the security vulnerability from poodle bleed. > http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed > We have tried updating the of ofbiz-containers.xml file like below, but it > did not disable sslv3. Poodle is still there. > I have also seen fixes that update server.xml with something similar. > <property name="sslProtocol" value="TLS"/> > <property name="sslEnabledProtocols" value="TLSv1"/> > Has anyone else had luck fixing the poodle issue on Apache ofbiz version > 09-04? > Or in any of biz products… where is the best place to fix this in of biz?? > Thanks! > The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)