[
https://issues.apache.org/jira/browse/OFBIZ-5881?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14216050#comment-14216050
]
Jacques Le Roux commented on OFBIZ-5881:
----------------------------------------
Great (not a surprise though) it works w/o forcing the TLS version to v1.2
Committed in
trunk r1640288
R13.07 r1640300
R12.04 r1640301
Removed the forcing of the TLS version to v1.2 in
trunk r1640299
R13.07 r1640303
R12.04 r1640305
> Update embedded Tomcat to 7.0.57
> --------------------------------
>
> Key: OFBIZ-5881
> URL: https://issues.apache.org/jira/browse/OFBIZ-5881
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Minor
> Fix For: Upcoming Branch
>
>
> See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html for details
> Notably related to OFBIZ-5848 (Poodle) changes in Coyote:
> * Add support for TLSv1.1 and TLSv1.2 for APR connector. Based upon a patch
> by Marcel Ĺ ebek. This feature requires Tomcat Native library 1.1.32 or later.
> (schultz/jfclere)
> * add Disable SSLv3 by default for JSSE based HTTPS connectors (BIO and NIO).
> The change also ensures that SSLv2 is disabled for these connectors although
> SSLv2 should already be disabled by default by the JRE. (markt)
> * add Disable SSLv3 by default for the APR/native HTTPS connector. (markt)
> I will test later if we can get rid of forcing TLSv2 in OFBiz
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
