Versions Compared

Old Version 5

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The transport level security protocol of the Tomcat server is configured in the <PRODUCT_HOME>/conf/tomcat/catalina-server.xml file. Note that the ssLprotocol attribute is set to "TLS" by default. 

...

Table of Contents
maxLevel3
minLevel3

...

Testing SSL version 3 configuration for the Identity Server

...

SSL version 3 is disabled by default from IS 5.1.0 onwards. It is necessary to disable SSL version 3 in Carbon servers because of a bug (Poodle Attack) in the SSL version 3 protocol that could expose critical data encrypted between clients and servers. The Poodle Attack makes the system vulnerable by telling the client that the server does not support the more secure TLS (Transport Layer Security) protocol, and thereby forces it to connect via SSL 3.0. The effect of this bug can be mitigated when SSL version 3 protocol for your server is disabled.

Info

The configuration that disables SSL version 3 can be found in the <PRODUCT_HOME>/repository/conf/tomcat/catalina-server.xml file under the Connector configuration corresponding to TLS (usually, this connector has the port set to 9443 and the sslProtocol as TLS).

The sslEnabledProtocols parameter defines a comma-seperated list of TLS protocol versions to support for HTTPS connections.

Code Block
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
                port="9443"
                bindOnInit="false"
				sslProtocol="TLS"
                sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"

You can follow the instructions below to ensure that SSL version 3 is disabled. 

...