
How do I disable SSLv3 in the WildFly app server? The following configuration

<server-identities>
    <ssl protocol="TLSv1">
        <keystore path="https.keystore" relative-to="keystore.home" keystore-password="secret" alias="https" key-password="secret" />
    </ssl>
</server-identities>

falls back to SSLv3 if SSLv3 is requested. It looks like the associated bug https://bugzilla.redhat.com/show_bug.cgi?id=1153853 at Red Hat is closed as "WONTFIX".

  • If that's their attitude they will need to change it. This is a major requirement since the discovery of the POODLE SSLv3 vulnerability. Did you try what it says [here](https://access.redhat.com/solutions/1232233)? – user207421 Dec 16 '14 at 01:15

1 Answer


Add [enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"] to element. It works with Wildfly 8.2

  • Hello, I just tried your solution, however it's not obvious to me how to add the mentioned protocols to the element. I tried this: .... When I start up the host I get an error: "JBAS014788: Unexpected attribute 'enabled-protocols' encountered" I guess the attribute needs to be added elsewhere, but where? – Bouncing Bit Jun 30 '15 at 10:32
  • Never mind. The protocols have to be added within the domain.xml within the https-listener like this: ** – Bouncing Bit Jun 30 '15 at 15:01
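
A way to audit a WildFly configuration file for the fix discussed in this thread, as an added example that is not part of the original posts: it flags every `https-listener` whose `enabled-protocols` attribute is missing or lists an SSL protocol. The sample XML is constructed (listener, socket-binding and realm names are assumptions), and elements are matched by local name so the schema namespace does not matter.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the page: listener names, socket bindings
# and the realm name are assumptions. Namespaces are omitted for brevity.
SAMPLE_CONFIG = """
<server>
  <subsystem>
    <server name="default-server">
      <https-listener name="https-open" socket-binding="https" security-realm="SSLRealm"/>
      <https-listener name="https-pinned" socket-binding="https-alt" security-realm="SSLRealm"
                      enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"/>
      <https-listener name="https-legacy" socket-binding="https-old" security-realm="SSLRealm"
                      enabled-protocols="SSLv3,TLSv1"/>
    </server>
  </subsystem>
</server>
"""

def local_name(tag):
    """Strip an '{namespace}' prefix so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def audit_https_listeners(xml_text):
    """Return {listener name: finding} for every https-listener in the config."""
    findings = {}
    for elem in ET.fromstring(xml_text).iter():
        if local_name(elem.tag) != "https-listener":
            continue
        raw = elem.get("enabled-protocols")
        protocols = [p.strip() for p in (raw or "").split(",") if p.strip()]
        if not protocols:
            # No explicit list: the thread reports that SSLv3 is then still accepted.
            findings[elem.get("name")] = "enabled-protocols not set"
        elif any(p.upper().startswith("SSL") for p in protocols):
            findings[elem.get("name")] = "SSL protocol listed: " + ",".join(protocols)
        else:
            findings[elem.get("name")] = "ok"
    return findings

if __name__ == "__main__":
    for name, finding in audit_https_listeners(SAMPLE_CONFIG).items():
        print(f"{name}: {finding}")
```
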