Disabling SSLv3 and SSLv2 in engine

2	Hi there How can I disable less secure encryption methods and use only TLS within the ivy engine? Thanks for your feedback, Sven engine security asked 27.07.2016 at 16:18 skilchenmann (suspended) accept rate: 33%

2 Answers:

active answers oldest newest most voted

1	Only TLS should be enabled by default anyway. See System Property "WebServer.HTTPS.SslProtocol", it is set to TLS by default. See System Properties in the Engine Guide to learn more about it. link answered 03.08.2016 at 11:15 Christian St... ♦ 3.2k●3●13●38 accept rate: 88%

Hi there

is there a possibility to change the enabled ssl protocols?

To disable SSL v3, and enable all TLS protocols on JSSE connectors add the following attributes to your HTTPS connector configuration in server.xml:

sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"

Information here: https://wiki.apache.org/tomcat/Security/POODLE

Thanks

link

answered 13.09.2016 at 09:55

skilchenmann
(suspended)
accept rate: 33%

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

engine ×44
security ×40

Asked: 27.07.2016 at 16:18

Seen: 2,177 times

Last updated: 13.09.2016 at 09:55

Disabling SSLv3 and SSLv2 in engine

Follow this question

Related questions