[ https://issues.apache.org/jira/browse/OFBIZ-5881?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14216058#comment-14216058 ]
Jacques Le Roux commented on OFBIZ-5881:
----------------------------------------

Here is an nmap result
{code}
# Nmap 6.47 scan initiated Tue Nov 18 11:25:50 2014 as: nmap.exe -p 8443 --unprivileged -Pn --script ssl-enum-ciphers -oN poodle_443 10.0.1.12
Nmap scan report for 10.0.1.12
Host is up (0.10s latency).
PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|   TLSv1.1:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|_  least strength: strong

# Nmap done at Tue Nov 18 11:25:58 2014 -- 1 IP address (1 host up) scanned in 8.62 seconds
{code}

> Update embedded Tomcat to 7.0.57
> --------------------------------
>
>                 Key: OFBIZ-5881
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5881
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>             Fix For: Upcoming Branch
>
>
> See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html for details
> Notably related to OFBIZ-5848 (Poodle) changes in Coyote:
> * Add support for TLSv1.1 and TLSv1.2 for APR connector. Based upon a patch by Marcel Šebek. This feature requires Tomcat Native library 1.1.32 or later. (schultz/jfclere)
> * add Disable SSLv3 by default for JSSE based HTTPS connectors (BIO and NIO). The change also ensures that SSLv2 is disabled for these connectors although SSLv2 should already be disabled by default by the JRE. (markt)
> * add Disable SSLv3 by default for the APR/native HTTPS connector. (markt)
> I will test later if we can get rid of forcing TLSv2 in OFBiz

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
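
An added example, not part of the original comment and not OFBiz or Tomcat code: a small parser for `ssl-enum-ciphers` output in the layout of the scan above. It reports whether any SSLv2/SSLv3 protocol is still offered (the POODLE-relevant check) and which RC4 suites remain, since RFC 7465 prohibits RC4 in TLS regardless of the "strong" label printed by this nmap version. The sample input is constructed and abridged, and the function names are hypothetical.

```python
import re

# Constructed, abridged sample in the ssl-enum-ciphers layout (not the full
# scan from the comment).
SAMPLE = """\
8443/tcp open  https-alt
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|_  least strength: strong
"""

# A protocol header such as "|   TLSv1.0:" and a suite line with nmap's rating.
PROTO = re.compile(r"^\|[ _]+((?:SSLv|TLSv)[\d.]+):\s*$")
SUITE = re.compile(r"^\|[ _]+((?:TLS|SSL)_\w+) - (\S+)\s*$")

def parse_enum_ciphers(text):
    """Return {protocol: [(suite, nmap_rating), ...]} in the order reported."""
    offered, current = {}, None
    for line in text.splitlines():
        m = PROTO.match(line)
        if m:
            current = m.group(1)
            offered[current] = []
            continue
        m = SUITE.match(line)
        if m and current is not None:
            offered[current].append((m.group(1), m.group(2)))
    return offered

def review(offered):
    """Summarise what a defender checks: legacy protocols and RC4 suites."""
    legacy = sorted(p for p in offered if p.startswith("SSLv"))
    rc4 = {p: [s for s, _ in suites if "_RC4_" in s]
           for p, suites in offered.items()}
    return {"legacy_protocols": legacy,
            "rc4_suites": {p: s for p, s in rc4.items() if s}}

if __name__ == "__main__":
    print(review(parse_enum_ciphers(SAMPLE)))
```

An empty `legacy_protocols` list means the scanned connector offered no SSLv2 or SSLv3 handshake; the file written by `-oN` can be passed to `parse_enum_ciphers` unchanged.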