Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: Trunk
    • Fix Version/s: 14.12.01, 12.04.06, 13.07.02
    • Component/s: None
    • Labels:
    • Environment:

      unix

    • Sprint:
      Bug Crush Event - 21/2/2015

      Description

      Hi there--

      This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz.

      I am in process of trying to disable sslv3 on our version of of
      ofbiz uses tomcat 6.

      This is to eliminate the security vulnerability from poodle bleed.
      http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed

      We have tried updating the of ofbiz-containers.xml file like below, but it
      did not disable sslv3. Poodle is still there.

      I have also seen fixes that update server.xml with something similar.

      <property name="sslProtocol" value="TLS"/>
      <property name="sslEnabledProtocols" value="TLSv1"/>

      Has anyone else had luck fixing the poodle issue on Apache ofbiz?

      Or in any of biz products… where is the best place to fix this in of biz??

      Thanks!

      The Poodle fixer

        Attachments

        1. OFBIZ-5848-java17-12.04.patch
          27 kB
          Nicolas Malin
        2. OFBIZ-5848-java17-12.04.patch
          26 kB
          Nicolas Malin
        3. OFBIZ-5848-java17-12.04.patch
          24 kB
          Nicolas Malin

          Activity

            People

            • Assignee:
              jacques.le.roux Jacques Le Roux
              Reporter:
              hrcboston Poodle Fixer
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: