Description: fourproc consulting
cloud computing (66631) seattle (3796) aws (1308) operations (834) docker (700) bioinformatics (425) brian connolly (2) fourproc consulting (1)
With the announcement last week of the POODLE vulnerability in SSLv3, I have been testing a new HTTPS Connector configuration for TOMCAT.
Most of the documentation available, that I have found, assumes that you are using Native/APR . However, LabKey’s standard TOMCAT configuration does not use the Native/APR connectors, but uses NIO connector . After a bit of testing I found that to disable SSLv3 (and SSLv2), when using BIO/NIO connectors, I used
<Connector port="443" scheme="https" secure="true" SSLEnabled="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLSv1" ... /> During my testing, I found that if you do not use sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to limit the available protocols, then using only sslProtocol="TLSv1" still allowed SSLv3 to be available.