<div dir="ltr">There are a couple things you can do. If you proxy the services through HAProxy, you can easily disable SSLv3 with a simple "no-sslv3" option.<div><br></div><div>To disable SSLv3 in Tomcat itself, you need to edit the server.xml file in the Tomcat "conf" directory. If Tomcat is using the APR extensions, simply look for the "Connector" directive that defines the SSL port and change the "sslProtocols" property to "TLSv1". If you are not using the APR extensions, set the sslProtocols property to "TLSv1,TLSv1.1,TLSv1.2".</div><div><br></div><div>Having said that, I found that changing Tomcat's protocols property did not a damn thing to alleviate the issue. I have instead moved the SSL termination over to my HAProxy load balancers.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 17, 2014 at 1:33 PM, David Millians <span dir="ltr"><<a href="mailto:millia@panix.com" target="_blank">millia@panix.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
ObBias:I hate java.<br>
ObStateOfMind: Now, more than ever.<br>
<br>
In remediating poodle, I'm now at the point on Sprockets where I have to deal with java. Or tomcat. Or whatever the hell in this mess of thousands of files is actually doing some serving. It's a SLES/Novell thing all under /opt. It doesn't appear that you configure it under /etc. No, that would be cheating. Also, jsvc.exec has no man page. Good Lord, you should see these two process lines.<br>
<br>
I hate Java. I hate that they named it after a beautiful place. I hate that I can't articulate how much I hate it. I hate that I hate it hate it hate it.<br>
<br>
Also, stupid cartoon character logo. And their mother dresses it funny.<br>
<br>
The obligatory Goog is insufficient to get me to a point to even START figuring out where I go to kill off the appropriate ciphers. Can somebody just point me to the right words to start?<br>
<br>
/we hates it, yes we does.<br>
______________________________<u></u>_________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>James Sumners<br><a href="http://james.roomfullofmirrors.com/">http://james.roomfullofmirrors.com/</a><br><br>"All governments suffer a recurring problem: Power attracts pathological personalities. It is not that power corrupts but that it is magnetic to the corruptible. Such people have a tendency to become drunk on violence, a condition to which they are quickly addicted."<br><br>Missionaria Protectiva, Text QIV (decto)<br>CH:D 59
</div>