[jira] [Commented] (OFBIZ-5881) Update embedded Tomcat to 7.0.57

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-5881?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14216058#comment-14216058 ]

Jacques Le Roux commented on OFBIZ-5881:
----------------------------------------

Here is an nmap result
{code}
# Nmap 6.47 scan initiated Tue Nov 18 11:25:50 2014 as: nmap.exe -p 8443 --unprivileged -Pn --script ssl-enum-ciphers -oN poodle_443 10.0.1.12
Nmap scan report for 10.0.1.12
Host is up (0.10s latency).
PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|   TLSv1.1:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|_  least strength: strong

# Nmap done at Tue Nov 18 11:25:58 2014 -- 1 IP address (1 host up) scanned in 8.62 seconds
{code}

> Update embedded Tomcat to 7.0.57
> --------------------------------
>
>                 Key: OFBIZ-5881
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5881
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>             Fix For: Upcoming Branch
>
>
> See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html for details
> Notably related to OFBIZ-5848 (Poodle) changes in Coyote:
> * Add support for TLSv1.1 and TLSv1.2 for APR connector. Based upon a patch by Marcel Šebek. This feature requires Tomcat Native library 1.1.32 or later. (schultz/jfclere)
> * add Disable SSLv3 by default for JSSE based HTTPS connectors (BIO and NIO). The change also ensures that SSLv2 is disabled for these connectors although SSLv2 should already be disabled by default by the JRE. (markt)
> * add Disable SSLv3 by default for the APR/native HTTPS connector. (markt)
> I will test later if we can get rid of forcing TLSv2 in OFBiz



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
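
An added example, not part of the original comment or of OFBiz or Tomcat code: a small Python check that reads `ssl-enum-ciphers` output in the layout shown above, reports whether SSLv2/SSLv3 is offered (the point of the Poodle-related change), and flags suites by name independently of the rating Nmap printed. The sample text is constructed and the `LEGACY` list is this example's own assumption.

```python
import re

# Constructed sample in the ssl-enum-ciphers layout shown above (shortened).
SAMPLE = """\
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|_  least strength: strong
"""

PROTO_RE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
CIPHER_RE = re.compile(r"^\|\s+((?:TLS|SSL)_\w+) - (\w+)\s*$")
# Assumption: name fragments this example treats as legacy primitives.
LEGACY = ("_RC4_", "_3DES_", "_DES_", "_MD5", "_EXPORT", "_NULL_")

def parse_enum_ciphers(text):
    """Return {protocol: [(suite, nmap_rating), ...]} from script output."""
    result, current = {}, None
    for line in text.splitlines():
        if m := PROTO_RE.match(line):
            current = m.group(1)
            result[current] = []
        elif (m := CIPHER_RE.match(line)) and current:
            result[current].append(m.groups())
    return result

def audit(text):
    """List findings: SSLv2/SSLv3 offered, or legacy suites by name."""
    findings = []
    for proto, suites in parse_enum_ciphers(text).items():
        if proto.startswith("SSLv"):
            findings.append((proto, "protocol offered"))
        for suite, _rating in suites:
            hits = [frag.strip("_") for frag in LEGACY if frag in suite]
            if hits:
                findings.append((proto, f"{suite}: {'/'.join(hits)}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Feeding it the file written by `-oN` gives one finding per protocol/suite pair, so the same run before and after a connector change can be compared directly.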