Hi there-- This topic seemed relevant to the developers list because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz.
I am in process of trying to disable sslv3 on our version of of ofbiz 09-04, which uses tomcat 5.5. This is to eliminate the security vulnerability from poodle bleed. http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed We have tried updating the of ofbiz-containers.xml file like below, but it did not disable sslv3. Poodle is still there. I have also seen fixes that update server.xml with something similar. <property name="sslProtocol" value="TLS"/> <property name="sslEnabledProtocols" value="TLSv1,TLSv1.1,TLSv1.2"/> Has anyone else had luck fixing the poodle issue on Apache ofbiz version 09-04? Thanks! The Poodle fixer :) -- View this message in context: http://ofbiz.135035.n4.nabble.com/09-04-and-poodle-bleed-tp4657733.html Sent from the OFBiz - Dev mailing list archive at Nabble.com.
