Hi Jacques-- Thanks for your reply.
We are using java 1.6. I am a developer working with our ops team to fix poodle. We are hoping for a simple fix for this issue as upgrading the software involves more testing then we are able to cover right now. A lot of the fixes we have seen suggest that tomcat server.xml file is the place to fix poodle. We tried the ofbiz-containers.xml file as noted because that is where our https connector is set up… but no luck there… maybe we need to add a cipher to server.xml? as in the example at the bottom of this page: http://blog.ricardoamaro.com/content/poodle-sslv3-vulnerability-fix Your help is very appreciated. Has anybody had any luck with this fix? Update /etc/tomcat7/server.xml file with "sslProtocol" line to: sslProtocol="TLS" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA" sslEnabledProtocols="TLSv1" >From what I can tell, our server actually doesn't support tlsv1.2 or tlsv1.1… only tls1. Perhaps we should try a version with only tlsv1 enabled. -- View this message in context: http://ofbiz.135035.n4.nabble.com/Re-Ofbiz-09-04-piddle-bleed-fix-tp4657772p4657777.html Sent from the OFBiz - User mailing list archive at Nabble.com.
