How can I disable SSLv3 for EJB3 + SSL connections in JBoss EAP 6?

Solution In Progress - Updated -

Issue

  • How can I disable SSLv3 for EJB3 + SSL connections in JBoss EAP 6?

  • I need to disable SSLv3 due to the POODLE SSLv3 vulnerability (CVE-2014-3566).

  • Is there TLSv1.2 support for JBoss Remoting clients?

  • I'm unable to connect to my JBoss-hosted EJBs via JBoss Remoting when my RemotingRealm (security-realm) is configured to have the server-identities/ssl/engine/enabled-protocols parameter set to only "TLSv1.2". My Java client that is initiating the JBoss Remoting connection is running under Java 7. To enable this client to establish a TLSv1.2 connection to HTTPS-hosted resources, I had to set the following argument:

    -Dhttps.protocols=TLSv1.2

    What configuration parameters or in-code changes are necessary for JBoss Remoting connections?

Environment

  • Red Hat JBoss Enterprise Application Platform
    • 6.x
