[ https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209981#comment-14209981 ] Jacques Le Roux commented on OFBIZ-5848: ---------------------------------------- Ha no, it was already up to date when I tried. I did a svn up just before. So it seems the 1st time it failed despite your change. The second time, since I had other stuff to do and tests consume much ressources, I diminished the Java proces priority (from 8 normal to 4 background). It's maybe the reason it worked. I will retry the 2 cases later. Anyway I'd not worry too much about that, I think nowaydays nobody run a production site on Windows Server ;) > Poodle-disable sslv3 > -------------------- > > Key: OFBIZ-5848 > URL: https://issues.apache.org/jira/browse/OFBIZ-5848 > Project: OFBiz > Issue Type: Bug > Affects Versions: Trunk > Environment: unix > Reporter: Poodle Fixer > Assignee: Jacques Le Roux > Priority: Critical > Labels: patch, security > Fix For: Upcoming Branch, 12.04.06, 13.07.02 > > Attachments: OFBIZ-5848-java17-12.04.patch, OFBIZ-5848-java17-12.04.patch > > > {panel:title= WARNING ABOUT THE FIX|bgColor=red} > *We will certainly have to evolve this in the future because this correction forces the protocol to TLSv1.2* > {panel} > [~jacques.le.roux]: I have put a reminder for myself to follow the status of the Poodle issue in Tomcat > ---- > Hi there-- > This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz. > I am in process of trying to disable sslv3 on our version of of > ofbiz uses tomcat 6. > This is to eliminate the security vulnerability from poodle bleed. > http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed > We have tried updating the of ofbiz-containers.xml file like below, but it > did not disable sslv3. Poodle is still there. > I have also seen fixes that update server.xml with something similar. > <property name="sslProtocol" value="TLS"/> > <property name="sslEnabledProtocols" value="TLSv1"/> > Has anyone else had luck fixing the poodle issue on Apache ofbiz? > Or in any of biz products… where is the best place to fix this in of biz?? > Thanks! > The Poodle fixer :) -- This message was sent by Atlassian JIRA (v6.3.4#6332) |
Actually I have fixed the test after you reported the failure; after that
you reported a success... or am I missing something? On Thu, Nov 13, 2014 at 5:27 PM, Jacques Le Roux (JIRA) <[hidden email]> wrote: > > [ > https://issues.apache.org/jira/browse/OFBIZ-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209981#comment-14209981 > ] > > Jacques Le Roux commented on OFBIZ-5848: > ---------------------------------------- > > Ha no, it was already up to date when I tried. I did a svn up just before. > So it seems the 1st time it failed despite your change. The second time, > since I had other stuff to do and tests consume much ressources, I > diminished the Java proces priority (from 8 normal to 4 background). It's > maybe the reason it worked. I will retry the 2 cases later. Anyway I'd not > worry too much about that, I think nowaydays nobody run a production site > on Windows Server ;) > > > Poodle-disable sslv3 > > -------------------- > > > > Key: OFBIZ-5848 > > URL: https://issues.apache.org/jira/browse/OFBIZ-5848 > > Project: OFBiz > > Issue Type: Bug > > Affects Versions: Trunk > > Environment: unix > > Reporter: Poodle Fixer > > Assignee: Jacques Le Roux > > Priority: Critical > > Labels: patch, security > > Fix For: Upcoming Branch, 12.04.06, 13.07.02 > > > > Attachments: OFBIZ-5848-java17-12.04.patch, > OFBIZ-5848-java17-12.04.patch > > > > > > {panel:title= WARNING ABOUT THE FIX|bgColor=red} > > *We will certainly have to evolve this in the future because this > correction forces the protocol to TLSv1.2* > > {panel} > > [~jacques.le.roux]: I have put a reminder for myself to follow the > status of the Poodle issue in Tomcat > > ---- > > Hi there-- > > This topic seemed relevant because it is a major security issue that > recently came up and will affect many ecommerce sites for ofbiz. > > I am in process of trying to disable sslv3 on our version of of > > ofbiz uses tomcat 6. > > This is to eliminate the security vulnerability from poodle bleed. > > > http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed > > We have tried updating the of ofbiz-containers.xml file like below, but > it > > did not disable sslv3. Poodle is still there. > > I have also seen fixes that update server.xml with something similar. > > <property name="sslProtocol" value="TLS"/> > > <property name="sslEnabledProtocols" value="TLSv1"/> > > Has anyone else had luck fixing the poodle issue on Apache ofbiz? > > Or in any of biz products… where is the best place to fix this in of > biz?? > > Thanks! > > The Poodle fixer :) > > > > -- > This message was sent by Atlassian JIRA > (v6.3.4#6332) > |
Free forum by Nabble | Edit this page |