How can I disable SSLv3 for EJB3 + SSL connections in JBoss EAP 6?

Solution In Progress - Updated -

Issue

  • How can I disable SSLv3 for EJB3 + SSL connections in JBoss EAP 6?

  • I need to disable SSLv3 due to the POODLE SSLv3 vulnerability (CVE-2014-3566).

  • Is there a TLSv1.2 support for JBoss Remoting Clients?

  • I'm unable to connect to my JBoss hosted EJBs via JBoss Remoting when my RemotingRealm (security-realm) is configured to have the server-identities/ssl/engine/enabled-protocols parameter set to only "TLSv1.2". My Java client that is initiating the JBoss Remoting connection is running under Java7. To enable this client to establish a TLSv1.2 connection to a HTTPS hosted resources I had to set the following argument. What configuration parameters or in code changes are necessary for a JBoss Remoting connections?:

-Dhttps.protocols=TLSv1.2

Environment

  • Red Hat JBoss Enterprise Application Platform
    • 6.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.