• 8

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191


File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

I have a Windows 2008 server with Tomcat 7.0.59 & Java 8u31 & I am trying to ensure that SSLv3 is disabled. Looking at the changelog for Java, SSL3 should no longer be supported and the Java Control Panel doesn't even have a checkbox to enable it in the Advanced Security Settings options. Even still, I have added sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to my HTTP connector in server.xml. Running a POODLE vulnerability scan still shows the ability to connect via SSL3.

Any ideas for other places to look or tools that could help identify what is enabling/supporting SSL3 on this box?

Here is the full connector configuration for reference:

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" keyAlias="CAS-server"
           keystoreFile="[filepath]" keystorePass="[password]"/>

The server is a virtual machine running on VMWare and is used only for CAS (Single Sign-On implementation from JA-SIG). Other programs installed on the system:

  • EMC NetWorker
  • Sophos Anti-Virus / AutoUpdate / Remote Management System
  • TortoiseSVN

Trending Tags