[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14201695#comment-14201695 ]
Deepak Dixit commented on OFBIZ-5848: ------------------------------------- I checked with TLSv1.1 with java and get the same error :( {code} [java] 2014-11-07 12:20:35,758 |main |Http11Protocol |E| Failed to initialize end point associated with ProtocolHandler ["http-bio-0.0.0.0-8443"] [java] java.io.IOException: TLSv1.1 SSLContext not available [java] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:459) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:192) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:401) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) [tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) [tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.catalina.connector.Connector.initInternal(Connector.java:978) [tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) [tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821) [tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139) [tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.ofbiz.catalina.container.CatalinaContainer.start(CatalinaContainer.java:239) [ofbiz-catalina.jar:?] [java] at org.ofbiz.base.container.ContainerLoader.start(ContainerLoader.java:235) [ofbiz-base.jar:?] [java] at org.ofbiz.base.start.Start.startStartLoaders(Start.java:353) [ofbiz.jar:?] [java] at org.ofbiz.base.start.Start.start(Start.java:379) [ofbiz.jar:?] [java] at org.ofbiz.base.start.Start.main(Start.java:135) [ofbiz.jar:?] [java] Caused by: java.security.NoSuchAlgorithmException: TLSv1.1 SSLContext not available [java] at sun.security.jca.GetInstance.getInstance(GetInstance.java:142) ~[?:1.6.0_65] [java] at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125) ~[?:1.6] [java] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:472) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:433) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] ... 17 more [java] 2014-11-07 12:20:35,771 |main |StandardService |E| Failed to initialize connector [Connector[HTTP/1.1-8443]] [java] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]] [java] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106) ~[tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) [tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821) [tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139) [tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.ofbiz.catalina.container.CatalinaContainer.start(CatalinaContainer.java:239) [ofbiz-catalina.jar:?] [java] at org.ofbiz.base.container.ContainerLoader.start(ContainerLoader.java:235) [ofbiz-base.jar:?] [java] at org.ofbiz.base.start.Start.startStartLoaders(Start.java:353) [ofbiz.jar:?] [java] at org.ofbiz.base.start.Start.start(Start.java:379) [ofbiz.jar:?] [java] at org.ofbiz.base.start.Start.main(Start.java:135) [ofbiz.jar:?] [java] Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed [java] at org.apache.catalina.connector.Connector.initInternal(Connector.java:980) ~[tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ~[tomcat-7.0.55-catalina.jar:7.0.55] [java] ... 10 more [java] Caused by: java.io.IOException: TLSv1.1 SSLContext not available [java] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:459) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:192) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:401) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.catalina.connector.Connector.initInternal(Connector.java:978) ~[tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ~[tomcat-7.0.55-catalina.jar:7.0.55] [java] ... 10 more [java] Caused by: java.security.NoSuchAlgorithmException: TLSv1.1 SSLContext not available [java] at sun.security.jca.GetInstance.getInstance(GetInstance.java:142) ~[?:1.6.0_65] [java] at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125) ~[?:1.6] [java] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:472) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:433) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:192) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:401) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55] [java] at org.apache.catalina.connector.Connector.initInternal(Connector.java:978) ~[tomcat-7.0.55-catalina.jar:7.0.55] [java] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ~[tomcat-7.0.55-catalina.jar:7.0.55] [java] ... 10 more [java] 2014-11-07 12:20:35,800 |main |CatalinaContainer |I| createContext(ecomclone) {code} > Poodle-disable sslv3 > -------------------- > > Key: OFBIZ-5848 > URL: https://issues.apache.org/jira/browse/OFBIZ-5848 > Project: OFBiz > Issue Type: Bug > Affects Versions: Trunk > Environment: unix > Reporter: Poodle Fixer > Assignee: Jacques Le Roux > Priority: Critical > Labels: patch, security > Fix For: Upcoming Branch, 12.04.06, 13.07.02 > > > {panel:title= WARNING ABOUT THE FIX|bgColor=red} > *We will certainly have to evolve this in the future because this correction > forces the protocol to TLSv1.2* > {panel} > [~jacques.le.roux]: I have put a reminder for myself to follow the status of > the Poodle issue in Tomcat > ---- > Hi there-- > This topic seemed relevant because it is a major security issue that recently > came up and will affect many ecommerce sites for ofbiz. > I am in process of trying to disable sslv3 on our version of of > ofbiz uses tomcat 6. > This is to eliminate the security vulnerability from poodle bleed. > http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed > We have tried updating the of ofbiz-containers.xml file like below, but it > did not disable sslv3. Poodle is still there. > I have also seen fixes that update server.xml with something similar. > <property name="sslProtocol" value="TLS"/> > <property name="sslEnabledProtocols" value="TLSv1"/> > Has anyone else had luck fixing the poodle issue on Apache ofbiz? > Or in any of biz products… where is the best place to fix this in of biz?? > Thanks! > The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)