How can I disable SSLv3 for EJB3 + SSL connections in JBoss EAP 6?
Environment
- Red Hat JBoss Enterprise Application Platform 6.x
Issue
- How can I disable SSLv3 for EJB3 + SSL connections in JBoss EAP 6?
- I need to disable SSLv3 due to the POODLE SSLv3 vulnerability (CVE-2014-3566).
- Is there TLSv1.2 support for JBoss Remoting clients?
- I'm unable to connect to my JBoss-hosted EJBs via JBoss Remoting when my RemotingRealm (security-realm) is configured to have the server-identities/ssl/engine/enabled-protocols parameter set to only "TLSv1.2". My Java client that is initiating the JBoss Remoting connection is running under Java 7. To enable this client to establish a TLSv1.2 connection to HTTPS-hosted resources I had to set the following argument. What configuration parameters or in-code changes are necessary for JBoss Remoting connections?
-Dhttps.protocols=TLSv1.2
Resolution
The protocols offered on secure EJB3 (JBoss Remoting) connections are controlled by the SSL_ENABLED_PROTOCOLS property of the remoting connector in standalone.xml. The value is a comma-separated list; only the protocols listed are enabled, so leaving SSLv3 out of the list disables it:
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
<connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm">
<properties>
<property name="SSL_ENABLED_PROTOCOLS" value="TLSv1,TLSv1.1,TLSv1.2"/> <!-- SSLv3 is deliberately omitted: only the listed protocols are offered -->
</properties>
</connector>
</subsystem>
The TLS versions available depend on the JVM the server runs on: Java 6 supports only SSLv3 and TLSv1, so TLSv1.1 and TLSv1.2 cannot be listed there. The client JVM matters as well. Java 7 supports TLSv1.1 and TLSv1.2 but enables only TLSv1 by default on the client side, so a server restricted to "TLSv1.2" alone rejects a Java 7 client until that client is configured to offer TLSv1.2; note that -Dhttps.protocols only affects HttpsURLConnection, not JBoss Remoting connections. After changing the list, verify from outside that an SSLv3 handshake to the remoting port is refused.
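As an added example (not part of the Red Hat solution), the following Python script audits a standalone.xml for remoting connectors that still allow SSLv3: connectors whose SSL_ENABLED_PROTOCOLS value lists an SSLv* protocol, and connectors with no such property at all, where the JVM default set applies (which included SSLv3 on Java 6, and on Java 7 and 8 before the January 2015 updates disabled it). The sample standalone.xml fragment is constructed for the example; the script assumes that every EAP 6 remoting subsystem namespace starts with urn:jboss:domain:remoting: (the article's snippet uses version 1.1).

```python
import xml.etree.ElementTree as ET

# Every EAP 6 remoting subsystem namespace starts with this prefix
# (assumption; the article's snippet uses urn:jboss:domain:remoting:1.1).
REMOTING_NS_PREFIX = "urn:jboss:domain:remoting:"
PROTOCOL_PROPERTY = "SSL_ENABLED_PROTOCOLS"

# Constructed sample standalone.xml fragment for this example, not a real deployment:
# one connector still listing SSLv3, one hardened, one relying on the JVM default.
SAMPLE_STANDALONE_XML = """<server xmlns="urn:jboss:domain:1.4">
  <profile>
    <subsystem xmlns="urn:jboss:domain:remoting:1.1">
      <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm">
        <properties>
          <property name="SSL_ENABLED_PROTOCOLS" value="SSLv3,TLSv1,TLSv1.1,TLSv1.2"/>
        </properties>
      </connector>
      <connector name="hardened-connector" socket-binding="remoting" security-realm="ApplicationRealm">
        <properties>
          <property name="SSL_ENABLED_PROTOCOLS" value="TLSv1,TLSv1.1,TLSv1.2"/>
        </properties>
      </connector>
      <connector name="default-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
    </subsystem>
  </profile>
</server>
"""


def parse_protocol_list(value):
    """Split a comma-separated SSL_ENABLED_PROTOCOLS value into a clean list."""
    return [p.strip() for p in value.split(",") if p.strip()]


def tls_only(protocols):
    """Return the list with every SSLv* entry (SSLv2, SSLv3, SSLv2Hello) removed."""
    return [p for p in protocols if not p.upper().startswith("SSL")]


def audit_remoting_connectors(standalone_xml):
    """Audit every remoting connector and return (name, status, protocols) tuples.

    status is one of:
      'weak'    - SSL_ENABLED_PROTOCOLS explicitly lists an SSLv* protocol
      'missing' - no SSL_ENABLED_PROTOCOLS property, so the JVM default set is
                  offered (SSLv3 included on Java 6 and on Java 7/8 before the
                  January 2015 updates disabled it by default)
      'ok'      - only TLS versions are listed
    """
    root = ET.fromstring(standalone_xml)
    findings = []
    for elem in root.iter():
        tag = elem.tag
        if not (tag.startswith("{" + REMOTING_NS_PREFIX) and tag.endswith("}subsystem")):
            continue
        ns = tag[1:tag.index("}")]
        for connector in elem.findall("{%s}connector" % ns):
            name = connector.get("name", "<unnamed>")
            props = {p.get("name"): p.get("value", "")
                     for p in connector.iter("{%s}property" % ns)}
            if PROTOCOL_PROPERTY not in props:
                findings.append((name, "missing", []))
                continue
            protocols = parse_protocol_list(props[PROTOCOL_PROPERTY])
            status = "ok" if tls_only(protocols) == protocols else "weak"
            findings.append((name, status, protocols))
    return findings


if __name__ == "__main__":
    for name, status, protocols in audit_remoting_connectors(SAMPLE_STANDALONE_XML):
        line = "%-20s %-8s %s" % (name, status, ",".join(protocols) or "(JVM default)")
        if status != "ok":
            suggested = ",".join(tls_only(protocols)) or "TLSv1,TLSv1.1,TLSv1.2"
            line += "  -> set %s to %s" % (PROTOCOL_PROPERTY, suggested)
        print(line)
```

Run it against a real file with `audit_remoting_connectors(open("standalone.xml").read())`; a "missing" finding is not safe by itself, because whether the JVM default still offers SSLv3 depends on the exact JVM build, so the explicit TLS-only list is the reliable fix.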
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.