[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14201750#comment-14201750 ]
Nicolas Malin commented on OFBIZ-5848: -------------------------------------- For 12.04 the situation is a little bite annoying. We have the same error but java 1.7 isn't compatible. I try to change TLSv1.2 by TLSv1.0 but : {code} [java] 2014-11-07 08:47:37,559 (main) [ AbstractProtocol.java:436:ERROR] Failed to initialize end point associated with ProtocolHandler ["http-bio-0.0.0.0-8443"] [java] java.io.IOException: TLSv1.0 SSLContext not available [java] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:459) [java] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:192) [java] at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:401) {quote} it's a real stinker. > Poodle-disable sslv3 > -------------------- > > Key: OFBIZ-5848 > URL: https://issues.apache.org/jira/browse/OFBIZ-5848 > Project: OFBiz > Issue Type: Bug > Affects Versions: Trunk > Environment: unix > Reporter: Poodle Fixer > Assignee: Jacques Le Roux > Priority: Critical > Labels: patch, security > Fix For: Upcoming Branch, 12.04.06, 13.07.02 > > > {panel:title= WARNING ABOUT THE FIX|bgColor=red} > *We will certainly have to evolve this in the future because this correction > forces the protocol to TLSv1.2* > {panel} > [~jacques.le.roux]: I have put a reminder for myself to follow the status of > the Poodle issue in Tomcat > ---- > Hi there-- > This topic seemed relevant because it is a major security issue that recently > came up and will affect many ecommerce sites for ofbiz. > I am in process of trying to disable sslv3 on our version of of > ofbiz uses tomcat 6. > This is to eliminate the security vulnerability from poodle bleed. > http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed > We have tried updating the of ofbiz-containers.xml file like below, but it > did not disable sslv3. Poodle is still there. > I have also seen fixes that update server.xml with something similar. > <property name="sslProtocol" value="TLS"/> > <property name="sslEnabledProtocols" value="TLSv1"/> > Has anyone else had luck fixing the poodle issue on Apache ofbiz? > Or in any of biz products… where is the best place to fix this in of biz?? > Thanks! > The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332)