diff options
| author | Simon Brandhof <simon.brandhof@sonarsource.com> | 2014-11-19 19:09:08 +0100 |
|---|---|---|
| committer | Simon Brandhof <simon.brandhof@sonarsource.com> | 2014-11-19 19:09:20 +0100 |
| commit | b5d4dbc59cb3359138ecfb54b3bd6219cdc63dfb (patch) | |
| tree | 0bd3d2cff8f44b7a430715188d1f65974bcc1ba0 /server | |
| parent | 026c457acb406908289718ac78ff41be8b58e391 (diff) | |
| download | sonarqube-b5d4dbc59cb3359138ecfb54b3bd6219cdc63dfb.tar.gz sonarqube-b5d4dbc59cb3359138ecfb54b3bd6219cdc63dfb.zip | |
SONAR-5860 Disable SSLv3 in Tomcat connector
Diffstat (limited to 'server')
| -rw-r--r-- | server/sonar-server/src/main/java/org/sonar/server/app/Connectors.java | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/app/Connectors.java b/server/sonar-server/src/main/java/org/sonar/server/app/Connectors.java index 6a743f88c92..8bbbef09311 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/app/Connectors.java +++ b/server/sonar-server/src/main/java/org/sonar/server/app/Connectors.java @@ -115,6 +115,9 @@ class Connectors { setConnectorAttribute(connector, "truststoreType", props.value("sonar.web.https.truststoreType", "JKS")); setConnectorAttribute(connector, "truststoreProvider", props.value("sonar.web.https.truststoreProvider")); setConnectorAttribute(connector, "clientAuth", props.value("sonar.web.https.clientAuth", "false")); + // SSLv3 must not be enable because of Poodle vulnerability + // See https://jira.codehaus.org/browse/SONAR-5860 + setConnectorAttribute(connector, "sslEnabledProtocols", "TLSv1,TLSv1.1,TLSv1.2"); setConnectorAttribute(connector, "sslProtocol", "TLS"); setConnectorAttribute(connector, "SSLEnabled", true); info("HTTPS connector is enabled on port " + port); |