You can follow this thread here which I have been updating. Thanks for responding...we have tried several approaches with no luck yet... I think we must be missing something simple.
http://ofbiz.135035.n4.nabble.com/Re-Ofbiz-09-04-piddle-bleed-fix-tp4657772p4657820.html On Tuesday, November 4, 2014, Nicolas Malin (JIRA) <j...@apache.org> wrote: > > [ > https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14196045#comment-14196045 > ] > > Nicolas Malin commented on OFBIZ-5848: > -------------------------------------- > > Hello ... the poodle fixer ? :) > > As OFBiz 09.04 haven't an official support, I don't think that your > correction will be present on a future package. But can you associate your > patch to fix this issues ? > > It's interesting for all production site that still work with this release. > > > > Poodle-disable sslv3 > > -------------------- > > > > Key: OFBIZ-5848 > > URL: https://issues.apache.org/jira/browse/OFBIZ-5848 > > Project: OFBiz > > Issue Type: Bug > > Affects Versions: Trunk > > Environment: unix > > Reporter: Hrc Boston > > Priority: Critical > > Labels: patch, security > > > > Hi there-- > > This topic seemed relevant because it is a major security issue that > recently came up and will affect many ecommerce sites for ofbiz. > > I am in process of trying to disable sslv3 on our version of of > > ofbiz 09-04, which uses tomcat 6. > > This is to eliminate the security vulnerability from poodle bleed. > > > http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed > > We have tried updating the of ofbiz-containers.xml file like below, but > it > > did not disable sslv3. Poodle is still there. > > I have also seen fixes that update server.xml with something similar. > > <property name="sslProtocol" value="TLS"/> > > <property name="sslEnabledProtocols" value="TLSv1"/> > > Has anyone else had luck fixing the poodle issue on Apache ofbiz version > > 09-04? > > Or in any of biz products… where is the best place to fix this in of > biz?? > > Thanks! > > The Poodle fixer :) > > > > -- > This message was sent by Atlassian JIRA > (v6.3.4#6332) >
