Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-1525 Issue to group security concerns
  3. OFBIZ-5881

Update embedded Tomcat to 7.0.57

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Minor
    • Resolution: Done
    • Trunk
    • 14.12.01
    • framework
    • None
    • Bug Crush Event - 21/2/2015

    Description

      See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html for details

      Notably related to OFBIZ-5848 (Poodle) changes in Coyote:

      • Add support for TLSv1.1 and TLSv1.2 for APR connector. Based upon a patch by Marcel Ĺ ebek. This feature requires Tomcat Native library 1.1.32 or later. (schultz/jfclere)
      • add Disable SSLv3 by default for JSSE based HTTPS connectors (BIO and NIO). The change also ensures that SSLv2 is disabled for these connectors although SSLv2 should already be disabled by default by the JRE. (markt)
      • add Disable SSLv3 by default for the APR/native HTTPS connector. (markt)

      I will test later if we can get rid of forcing TLSv2 in OFBiz

      Attachments

        Activity

          People

            jleroux Jacques Le Roux
            jleroux Jacques Le Roux
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: