From b5d4dbc59cb3359138ecfb54b3bd6219cdc63dfb Mon Sep 17 00:00:00 2001
From: Simon Brandhof
Date: Wed, 19 Nov 2014 19:09:08 +0100
Subject: [PATCH] SONAR-5860 Disable SSLv3 in Tomcat connector
---
 .../src/main/java/org/sonar/server/app/Connectors.java | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/server/sonar-server/src/main/java/org/sonar/server/app/Connectors.java b/server/sonar-server/src/main/java/org/sonar/server/app/Connectors.java
index 6a743f88c92..8bbbef09311 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/app/Connectors.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/app/Connectors.java
@@ -115,6 +115,9 @@ class Connectors {
 setConnectorAttribute(connector, "truststoreType", props.value("sonar.web.https.truststoreType", "JKS"));
 setConnectorAttribute(connector, "truststoreProvider", props.value("sonar.web.https.truststoreProvider"));
 setConnectorAttribute(connector, "clientAuth", props.value("sonar.web.https.clientAuth", "false"));
+ // SSLv3 must not be enable because of Poodle vulnerability
+ // See https://jira.codehaus.org/browse/SONAR-5860
+ setConnectorAttribute(connector, "sslEnabledProtocols", "TLSv1,TLSv1.1,TLSv1.2");
 setConnectorAttribute(connector, "sslProtocol", "TLS");
 setConnectorAttribute(connector, "SSLEnabled", true);
 info("HTTPS connector is enabled on port " + port);
--
2.39.5
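Review bot: The protocol allow-list on the added `sslEnabledProtocols` line is a hard-coded literal, whereas the truststore and `clientAuth` attributes just above it are read from `sonar.web.https.*` properties, so an operator who wants to narrow it further (for example to TLSv1.2 only) has to patch the code. Consider reading it from a property with the current value as the default, e.g. `props.value("sonar.web.https.sslEnabledProtocols", "TLSv1,TLSv1.1,TLSv1.2")` (the property name is a proposal, not an existing key), and rejecting a configured value that lists SSLv3 so the setting can only tighten the list. The diffstat shows only this one file changed, so nothing asserts the attribute; a unit test checking the connector's `sslEnabledProtocols` value would keep a later refactor from silently re-enabling SSLv3. The added comment should read `// SSLv3 must not be enabled because of the POODLE vulnerability`. The enclosing method starts and ends outside the hunk.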