Note
If you enable SSL 3.0 and TLS 1.0 -- for compatibility or any other reason -- you thereby make your application vulnerable to the serious threats against which TLSv1.1 and TLSv1.2 provide protection.
To enable the SSL 3.0 protocol for Tools and Frameworks, follow these steps:
Open
server.xml
at%ENDECA_TOOLS_ROOT%\server\workspace\conf
.Change
sslEnabledProtocols
tosslEnabledProtocols="SSLv3.0"
in the SSL connector.<Connector port="8443" SSLEnabled="true" protocol="org.apache.coyote.http11.Http11Protocol" maxPostSize="0" maxThreads="150" scheme="https" secure="true" clientAuth="true" sslEnabledProtocols="SSLv3" keystoreFile="cert.ks" keystorePass="eacpass" truststoreFile="ca.ks" truststorePass="eacpass" URIEncoding="UTF-8"
Open
java.security
file in%ENDECA_TOOLS_ROOT%/server/j2sdk/jre/lib/security
.Uncomment the
jdk.tls.disabledAlgorithms
property and disable all other protocols exceptSSLv3 "jdk.tls.disabledAlgorithms=TLSv1, TLSv1.1, TLSv1.2"
.
To enable the TLS 1.0 protocol, follow these steps:
Open
server.xml
at%ENDECA_TOOLS_ROOT%\server\workspace\conf
.Change
sslEnabledProtocols
tosslEnabledProtocols="TLSv1"
in the SSL connector.<Connector port="8443" SSLEnabled="true" protocol="org.apache.coyote.http11.Http11Protocol" maxPostSize="0" maxThreads="150" scheme="https" secure="true" clientAuth="true" sslEnabledProtocols="TLSv1" keystoreFile="cert.ks" keystorePass="eacpass" truststoreFile="ca.ks" truststorePass="eacpass" URIEncoding="UTF-8"
Open
java.security
file in%ENDECA_TOOLS_ROOT%/server/j2sdk/jre/lib/security
.Uncomment the
jdk.tls.disabledAlgorithms
property and disable all other protocols exceptTLSv1:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1.1, TLSv1.2