问题描述

发现POOLDE漏洞，如何在tomcat中禁用SSLv3，对浏览器有什么影响，所有浏览器都能正常工作吗?

How do I disable SSLv3 in tomcat for the POOLDE Vulnerability found, what impact it will have on browser, will all the browser work ?

推荐答案

在server.xml中使用如下配置(最后一行很重要)

Use following conffiguration in server.xml (Last line is important)

       `<Connector protocol="HTTP/1.1" SSLEnabled="true"
       port="8443" address="${jboss.bind.address}"
       scheme="https" secure="true" clientAuth="false"
       keystoreFile="${jboss.server.home.dir}/conf/keystore.jks"
       keystorePass="rmi+ssl"
       sslProtocols = "TLS" sslEnabledProtocols="TLSv1+TLSv1.1+TLSv1.2"/>`

禁用 SSLv3 的影响

大多数人禁用 SSLv3 几乎没有影响，因为他们不依赖 SSLv3 通过 SSL/TLS 建立连接.绝大多数依赖于 TLS.

There’s little impact for most people in disabling SSLv3 because they are not relying on SSLv3 to make connections via SSL/TLS. The large majority relies on TLS.

未来，Google Chrome 和 FireFox 等浏览器将在发布时禁用 SSLv3.还建议在家庭浏览器上禁用 SSLv3，而不仅仅是服务器应用程序.

In the future, browsers such as Google Chrome and FireFox will have SSLv3 disabled at release. It is also advisable to disable SSLv3 on home browsers, not only server applications.

像 IE 6 这样的非常老的浏览器会有问题，但我想那些无论如何也不支持最新的技术.

Very old browsers like IE 6 will have issues with it, but i guess those are anyways do not support may latest technologies as well.

注意:感谢 Christopher，已根据您的建议进行更新.

Note: Thanks Christopher, updated as per your suggestions.

这篇关于如何在 tomcat 中禁用 SSLv3?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！