[ale] Poodle and SSLv3 and java/tomcat/SLES OES mess

James Sumners james.sumners at gmail.com
Fri Oct 17 15:38:24 EDT 2014


There are a couple things you can do. If you proxy the services through
HAProxy, you can easily disable SSLv3 with a simple "no-sslv3" option.

To disable SSLv3 in Tomcat itself, you need to edit the server.xml file in
the Tomcat "conf" directory. If Tomcat is using the APR extensions, simply
look for the "Connector" directive that defines the SSL port and change the
"sslProtocols" property to "TLSv1". If you are not using the APR
extensions, set the sslProtocols property to "TLSv1,TLSv1.1,TLSv1.2".

Having said that, I found that changing Tomcat's protocols property did not
do a damn thing to alleviate the issue. I have instead moved the SSL
termination over to my HAProxy load balancers.

On Fri, Oct 17, 2014 at 1:33 PM, David Millians <millia at panix.com> wrote:

>
> ObBias:I hate java.
> ObStateOfMind: Now, more than ever.
>
> In remediating poodle, I'm now at the point on Sprockets where I have to
> deal with java. Or tomcat. Or whatever the hell in this mess of thousands
> of files is actually doing some serving. It's a SLES/Novell thing all under
> /opt. It doesn't appear that you configure it under /etc. No, that would be
> cheating. Also, jsvc.exec has no man page. Good Lord, you should see these
> two process lines.
>
> I hate Java. I hate that they named it after a beautiful place. I hate
> that I can't articulate how much I hate it. I hate that I hate it hate it
> hate it.
>
> Also, stupid cartoon character logo. And their mother dresses it funny.
>
> The obligatory Goog is insufficient to get me to a point to even START
> figuring out where I go to kill off the appropriate ciphers. Can somebody
> just point me to the right words to start?
>
> /we hates it, yes we does.



-- 
James Sumners
http://james.roomfullofmirrors.com/

"All governments suffer a recurring problem: Power attracts pathological
personalities. It is not that power corrupts but that it is magnetic to the
corruptible. Such people have a tendency to become drunk on violence, a
condition to which they are quickly addicted."

Missionaria Protectiva, Text QIV (decto)
CH:D 59
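
An added example, not part of the original message and not Tomcat's own code: a small Python audit of server.xml that lists every SSL-enabled Connector and reports whether the "sslProtocols" attribute named above still admits anything other than TLS. The sample XML is constructed, and the `attr` parameter is there because which attribute a given Tomcat release and connector type honours is an assumption to confirm against that release's documentation.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample server.xml for illustration (not from the original message).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocols="SSLv3,TLSv1"/>
    <Connector port="10443" SSLEnabled="true" scheme="https" secure="true"/>
  </Service>
</Server>"""


def audit_connectors(xml_text, attr="sslProtocols"):
    """Return (port, status, detail) for each SSL-enabled Connector.

    attr is the attribute to inspect; the default is the one named in the
    message. Which attribute a given Tomcat build honours is an assumption
    to verify against that build's documentation.
    """
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        # Compare attribute names case-insensitively (SSLEnabled vs sslEnabled).
        attrs = {k.lower(): v for k, v in conn.attrib.items()}
        if attrs.get("sslenabled", "").lower() != "true" and \
                attrs.get("scheme", "").lower() != "https":
            continue  # plain HTTP/AJP connector, nothing to audit
        port = attrs.get("port", "?")
        value = attrs.get(attr.lower())
        if value is None:
            findings.append((port, "MISSING", f"{attr} is not set on this connector"))
            continue
        tokens = [t for t in re.split(r"[,+\s]+", value) if t]
        # Allowlist: anything that is not a TLSv* token counts as weak.
        weak = [t for t in tokens if not t.upper().startswith("TLSV")]
        if weak or not tokens:
            findings.append((port, "WEAK", f"{attr} admits {weak or 'nothing recognisable'}"))
        else:
            findings.append((port, "OK", f"{attr} limited to {tokens}"))
    return findings


if __name__ == "__main__":
    for port, status, detail in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {status:8} {detail}")
```

A clean result only describes the file; the listener itself still needs a handshake test after the restart, since the setting may not be the one the running connector reads.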