From: Simon Brandhof
Date: Wed, 19 Nov 2014 18:09:08 +0000 (+0100)
Subject: SONAR-5860 Disable SSLv3 in Tomcat connector
X-Git-Tag: 5.0-RC1~293^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=b5d4dbc59cb3359138ecfb54b3bd6219cdc63dfb;p=sonarqube.git
SONAR-5860 Disable SSLv3 in Tomcat connector
---
diff --git a/server/sonar-server/src/main/java/org/sonar/server/app/Connectors.java b/server/sonar-server/src/main/java/org/sonar/server/app/Connectors.java
index 6a743f88c92..8bbbef09311 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/app/Connectors.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/app/Connectors.java
@@ -115,6 +115,9 @@ class Connectors {
 setConnectorAttribute(connector, "truststoreType", props.value("sonar.web.https.truststoreType", "JKS"));
 setConnectorAttribute(connector, "truststoreProvider", props.value("sonar.web.https.truststoreProvider"));
 setConnectorAttribute(connector, "clientAuth", props.value("sonar.web.https.clientAuth", "false"));
+ // SSLv3 must not be enable because of Poodle vulnerability
+ // See https://jira.codehaus.org/browse/SONAR-5860
+ setConnectorAttribute(connector, "sslEnabledProtocols", "TLSv1,TLSv1.1,TLSv1.2");
 setConnectorAttribute(connector, "sslProtocol", "TLS");
 setConnectorAttribute(connector, "SSLEnabled", true);
 info("HTTPS connector is enabled on port " + port);
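Review bot: The `sslEnabledProtocols` value is a string literal, while the neighbouring truststore and `clientAuth` attributes are read from `props` with a default, so an operator cannot narrow the list (for example to TLSv1.2 only) and a later protocol version cannot be enabled without a code change. Consider reading it from a property with the same default, `props.value("sonar.web.https.<PROPOSED_KEY>", "TLSv1,TLSv1.1,TLSv1.2")`, and rejecting any configured value that contains an SSL entry so the setting cannot bring SSLv3 back. The attribute name is the JSSE one; if this connector can ever run with the APR/native implementation (not visible here), confirm the restriction still applies there. The comment should read `// SSLv3 must not be enabled because of the POODLE vulnerability`. The enclosing method starts and ends outside the hunk, and no test asserting the connector's protocol list is visible in this patch.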