Menu
▾
▴
[Wrapper-user] disable SSLv3
|
From: lluis <ll...@in...> - 2014-12-30 14:23:06
|
Hello, I am trying to disable SSLv3 to prevent POODLE attack on adito, which uses wrapper. I've tried to add this to /usr/local/src/adito-0.9.1/conf/wrapper.conf: wrapper.java.additional.1=-Dhttps.protocols="TLSv1" and in fact is added to the java command: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/java -Dhttps.protocols="TLSv1" -Xms64m -Xmx512m -Djava.library.path=install/platforms/linux/x86 -classpath build/boot:lib/adito-boot.jar -Dwrapper.key=iegai2ohDeiThaeK -Dwrapper.port=32000 -Dwrapper.use_system_time=TRUE -Dwrapper.version=3.1.2 -Dwrapper.native_library=wrapper -Dwrapper.service=TRUE -Dwrapper.cpu.timeout=10 -Dwrapper.jvmid=1 com.adito.boot.Bootstrap but it is still responding to SSLv3 requests: # openssl s_client -connect localhost:443 -ssl3 CONNECTED(00000003) (...) verify error:num=18:self signed certificate * some system info: CentOS 5.8 (2.6.18-308.8.2.el5) openssl-0.9.8e-31.el5_11 adito-0.9.1 Java(TM) SE Runtime Environment (build 1.6.0_14-b08) Wrapper (Version 3.2.3) any hints to disable SSLv3? -- Lluís Gili Ingent Grup Systems ~ http://www.ingent.net ~ Tel. 933935931 |
