[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14201692#comment-14201692 ]

Deepak Dixit commented on OFBIZ-5848:
-------------------------------------

Hi Jacques,

TLSv1.2 will not work with Java6. I am getting the following error when we build 
the R13.07 branch with java6.
{code}
     [java] java.io.IOException: TLSv1.1 SSLContext not available
     [java]     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:459) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:192) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:401) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) [tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) [tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.catalina.connector.Connector.initInternal(Connector.java:978) [tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) [tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821) [tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139) [tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.ofbiz.catalina.container.CatalinaContainer.start(CatalinaContainer.java:239) [ofbiz-catalina.jar:?]
     [java]     at org.ofbiz.base.container.ContainerLoader.start(ContainerLoader.java:235) [ofbiz-base.jar:?]
     [java]     at org.ofbiz.base.start.Start.startStartLoaders(Start.java:353) [ofbiz.jar:?]
     [java]     at org.ofbiz.base.start.Start.start(Start.java:379) [ofbiz.jar:?]
     [java]     at org.ofbiz.base.start.Start.main(Start.java:135) [ofbiz.jar:?]
     [java] Caused by: java.security.NoSuchAlgorithmException: TLSv1.1 SSLContext not available
     [java]     at sun.security.jca.GetInstance.getInstance(GetInstance.java:142) ~[?:1.6.0_65]
     [java]     at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125) ~[?:1.6]
     [java]     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:472) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:433) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     ... 17 more
     [java] 2014-11-07 12:09:12,175 |main                 |StandardService      |E| Failed to initialize connector [Connector[HTTP/1.1-8443]]
     [java] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
     [java]     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106) ~[tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) [tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821) [tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139) [tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.ofbiz.catalina.container.CatalinaContainer.start(CatalinaContainer.java:239) [ofbiz-catalina.jar:?]
     [java]     at org.ofbiz.base.container.ContainerLoader.start(ContainerLoader.java:235) [ofbiz-base.jar:?]
     [java]     at org.ofbiz.base.start.Start.startStartLoaders(Start.java:353) [ofbiz.jar:?]
     [java]     at org.ofbiz.base.start.Start.start(Start.java:379) [ofbiz.jar:?]
     [java]     at org.ofbiz.base.start.Start.main(Start.java:135) [ofbiz.jar:?]
     [java] Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
     [java]     at org.apache.catalina.connector.Connector.initInternal(Connector.java:980) ~[tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ~[tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     ... 10 more
     [java] Caused by: java.io.IOException: TLSv1.1 SSLContext not available
     [java]     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:459) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:192) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:401) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.catalina.connector.Connector.initInternal(Connector.java:978) ~[tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ~[tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     ... 10 more
     [java] Caused by: java.security.NoSuchAlgorithmException: TLSv1.1 SSLContext not available
     [java]     at sun.security.jca.GetInstance.getInstance(GetInstance.java:142) ~[?:1.6.0_65]
     [java]     at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125) ~[?:1.6]
     [java]     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:472) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:433) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:192) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:401) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
     [java]     at org.apache.catalina.connector.Connector.initInternal(Connector.java:978) ~[tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ~[tomcat-7.0.55-catalina.jar:7.0.55]
     [java]     ... 10 more
     [java] 2014-11-07 12:09:12,209 |main                 |CatalinaContainer    |I| createContext(vastra)
     [java] 2014-11-07 12:09:12,216 |main                 |CatalinaContainer    |I| createContext(uif)
     [java] 
{code}

I dug into it and found that TLSv1.2 wasn't added to the default JCE provider 
until Java 7.  
http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#SSLContext
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext

We need to either set it to TLSv1.1 for R13.07 and R12.04 



> Poodle-disable sslv3
> --------------------
>
>                 Key: OFBIZ-5848
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5848
>             Project: OFBiz
>          Issue Type: Bug
>    Affects Versions: Trunk
>         Environment: unix
>            Reporter: Poodle Fixer
>            Assignee: Jacques Le Roux
>            Priority: Critical
>              Labels: patch, security
>             Fix For: Upcoming Branch, 12.04.06, 13.07.02
>
>
> {panel:title= WARNING ABOUT THE FIX|bgColor=red}
> *We will certainly have to evolve this in the future because this correction 
> forces the protocol to TLSv1.2*
> {panel}
> [~jacques.le.roux]: I have put a reminder for myself to follow the status of 
> the Poodle issue in Tomcat
> ----
> Hi there-- 
> This topic seemed relevant because it is a major security issue that recently 
> came up and will affect many ecommerce sites for ofbiz. 
> I am in the process of trying to disable sslv3 on our version of ofbiz, which 
> uses tomcat 6. 
> This is to eliminate the security vulnerability from poodle bleed. 
> http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed
> We have tried updating the ofbiz-containers.xml file like below, but it 
> did not disable sslv3. Poodle is still there. 
> I have also seen fixes that update server.xml with something similar. 
> <property name="sslProtocol" value="TLS"/>  
> <property name="sslEnabledProtocols" value="TLSv1"/>  
> Has anyone else had luck fixing the poodle issue on Apache ofbiz? 
> Or in any ofbiz products… where is the best place to fix this in ofbiz??
> Thanks! 
> The Poodle fixer :)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
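
The failure in the comment above comes from `SSLContext.getInstance` throwing `NoSuchAlgorithmException` for a protocol name the JVM's default providers do not offer. The following is an added example, not code from OFBiz or Tomcat: a probe that can be run on the target JVM before a protocol name is pinned in `sslProtocol` / `sslEnabledProtocols`. The class name `TlsProtocolProbe` and the candidate list are assumptions made for illustration; the syntax is kept Java 6 compatible.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

/** Added example (hypothetical class): reports which TLS protocol names this JVM accepts. */
public class TlsProtocolProbe {

    // Strongest first. SSLv3 is deliberately absent: it is the protocol POODLE targets.
    static final String[] CANDIDATES = { "TLSv1.2", "TLSv1.1", "TLSv1" };

    /** True if the default providers can build an SSLContext for this protocol name. */
    static boolean contextAvailable(String protocol) {
        try {
            SSLContext.getInstance(protocol);
            return true;
        } catch (NoSuchAlgorithmException e) {
            // Same exception type as the root cause in the stack trace above.
            return false;
        }
    }

    /** Candidates that have an SSLContext and are listed as supported by the default context. */
    static List<String> usableProtocols() throws NoSuchAlgorithmException {
        List<String> supported = Arrays.asList(
                SSLContext.getDefault().getSupportedSSLParameters().getProtocols());
        List<String> usable = new ArrayList<String>();
        for (String p : CANDIDATES) {
            if (contextAvailable(p) && supported.contains(p)) {
                usable.add(p);
            }
        }
        return usable;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        System.out.println("java.version = " + System.getProperty("java.version"));
        for (String p : CANDIDATES) {
            System.out.println(p + " SSLContext available: " + contextAvailable(p));
        }
        List<String> usable = usableProtocols();
        if (usable.isEmpty()) {
            throw new IllegalStateException("No TLS protocol available; refusing to fall back to SSLv3");
        }
        // usable.get(0) is the strongest protocol name this JVM accepts.
        System.out.println("sslProtocol candidate: " + usable.get(0));
        System.out.println("sslEnabledProtocols candidate: " + usable);
    }
}
```

Run it with the same JVM that starts the connector, since the result depends on the installed security providers rather than on the Tomcat version.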
