Actually I have fixed the test after you reported the failure; after that you reported a success... or am I missing something?
On Thu, Nov 13, 2014 at 5:27 PM, Jacques Le Roux (JIRA) <j...@apache.org> wrote: > > [ > https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209981#comment-14209981 > ] > > Jacques Le Roux commented on OFBIZ-5848: > ---------------------------------------- > > Ha no, it was already up to date when I tried. I did a svn up just before. > So it seems the 1st time it failed despite your change. The second time, > since I had other stuff to do and tests consume much ressources, I > diminished the Java proces priority (from 8 normal to 4 background). It's > maybe the reason it worked. I will retry the 2 cases later. Anyway I'd not > worry too much about that, I think nowaydays nobody run a production site > on Windows Server ;) > > > Poodle-disable sslv3 > > -------------------- > > > > Key: OFBIZ-5848 > > URL: https://issues.apache.org/jira/browse/OFBIZ-5848 > > Project: OFBiz > > Issue Type: Bug > > Affects Versions: Trunk > > Environment: unix > > Reporter: Poodle Fixer > > Assignee: Jacques Le Roux > > Priority: Critical > > Labels: patch, security > > Fix For: Upcoming Branch, 12.04.06, 13.07.02 > > > > Attachments: OFBIZ-5848-java17-12.04.patch, > OFBIZ-5848-java17-12.04.patch > > > > > > {panel:title= WARNING ABOUT THE FIX|bgColor=red} > > *We will certainly have to evolve this in the future because this > correction forces the protocol to TLSv1.2* > > {panel} > > [~jacques.le.roux]: I have put a reminder for myself to follow the > status of the Poodle issue in Tomcat > > ---- > > Hi there-- > > This topic seemed relevant because it is a major security issue that > recently came up and will affect many ecommerce sites for ofbiz. > > I am in process of trying to disable sslv3 on our version of of > > ofbiz uses tomcat 6. > > This is to eliminate the security vulnerability from poodle bleed. > > > http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed > > We have tried updating the of ofbiz-containers.xml file like below, but > it > > did not disable sslv3. Poodle is still there. > > I have also seen fixes that update server.xml with something similar. > > <property name="sslProtocol" value="TLS"/> > > <property name="sslEnabledProtocols" value="TLSv1"/> > > Has anyone else had luck fixing the poodle issue on Apache ofbiz? > > Or in any of biz products… where is the best place to fix this in of > biz?? > > Thanks! > > The Poodle fixer :) > > > > -- > This message was sent by Atlassian JIRA > (v6.3.4#6332) >
