How can I disable SSLv3 for EJB3 + SSL connections in JBoss EAP 6?

Solution In Progress - Updated -

Issue

  • How can I disable SSLv3 for EJB3 + SSL connections in JBoss EAP 6?

  • I need to disable SSLv3 due to the POODLE SSLv3 vulnerability (CVE-2014-3566).

  • Is there a TLSv1.2 support for JBoss Remoting Clients?

  • I'm unable to connect to my JBoss hosted EJBs via JBoss Remoting when my RemotingRealm (security-realm) is configured to have the server-identities/ssl/engine/enabled-protocols parameter set to only "TLSv1.2". My Java client that is initiating the JBoss Remoting connection is running under Java7. To enable this client to establish a TLSv1.2 connection to a HTTPS hosted resources I had to set the following argument. What configuration parameters or in code changes are necessary for a JBoss Remoting connections?:

-Dhttps.protocols=TLSv1.2

Environment

  • Red Hat JBoss Enterprise Application Platform
    • 6.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content