Fixes #8173: Disable SSLv3 in tomcat

theforeman · Oct 29, 2014 · 3a1d536 · 3a1d536
1 parent db962f2
commit 3a1d536
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/templates/tomcat/server.xml.erb b/templates/tomcat/server.xml.erb
@@ -89,6 +89,7 @@
     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="150" scheme="https" secure="true"
                clientAuth="want" SSLProtocol="TLS"
+               sslEnabledProtocol="TLSv1.2,TLSv1.1,TLSv1"
                keystoreFile="conf/keystore"
                truststoreFile="conf/keystore"
                keystorePass="<%= scope.lookupvar("candlepin::keystore_password") %>"

diff --git a/templates/tomcat6/server.xml.erb b/templates/tomcat6/server.xml.erb
@@ -90,6 +90,7 @@
     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="150" scheme="https" secure="true"
                clientAuth="want" SSLProtocol="TLS"
+               sslEnabledProtocol="TLSv1.2,TLSv1.1,TLSv1"
                keystoreFile="conf/keystore"
                truststoreFile="conf/keystore"
                keystorePass="<%= scope.lookupvar("candlepin::keystore_password") %>"