How can I disable SSLv3 for JMS + SSL connections in JBoss EAP 5?

Solution Unverified - Updated

Environment

  • Red Hat JBoss Enterprise Application Platform
    • 5.x

Issue

How can I disable SSLv3 for JMS + SSL connections in JBoss EAP 5?

I need to disable SSLv3 due to the POODLE SSLv3 vulnerability (CVE-2014-3566).

Resolution

  1. Enable JMS over SSL as described by this knowledge base article

  2. Add an enabledProtocols attribute to the "SSL Bisocket Transport Connector" MBean in the server/${PROFILE}/deploy/messaging/remoting-sslbisocket-service.xml file. The enabledProtocols attribute should look like the following:

    <attribute name="enabledProtocols" isParam="true">TLSv1,TLSv1.1,TLSv1.2</attribute>

    The versions of TLS available will depend on the JVM version. TLSv1.1 and TLSv1.2 are not available on Java 6.
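
A check for the setting in step 2, as an added example (not Red Hat's code): it parses a descriptor and reports a missing enabledProtocols attribute, an SSLv3 entry, or the TLS versions that the note above says Java 6 lacks. The sample XML is a constructed, simplified stand-in for remoting-sslbisocket-service.xml, and the function name and the java6 flag are hypothetical.

```python
import xml.etree.ElementTree as ET

# Per the article, these versions are not available on a Java 6 JVM.
NOT_ON_JAVA6 = {"TLSv1.1", "TLSv1.2"}

# Constructed, simplified stand-in for the connector descriptor (not the real file).
TEMPLATE = """<server>
  <mbean name="constructed:service=Connector">
    <attribute name="Configuration">
      <config><invoker transport="sslbisocket">{line}</invoker></config>
    </attribute>
  </mbean>
</server>"""
ATTR = '<attribute name="enabledProtocols" isParam="true">{}</attribute>'
FIXED = TEMPLATE.format(line=ATTR.format("TLSv1,TLSv1.1,TLSv1.2"))
WITH_SSLV3 = TEMPLATE.format(line=ATTR.format("SSLv3, TLSv1"))
NO_ATTR = TEMPLATE.format(line="")


def audit_enabled_protocols(xml_text, java6=False):
    """Return (protocols, problems) for a connector descriptor's XML text."""
    root = ET.fromstring(xml_text)
    # Match on the attribute name only, so the check does not depend on nesting.
    nodes = [e for e in root.iter("attribute")
             if e.get("name") == "enabledProtocols"]
    if not nodes:
        # Without the attribute, the restriction from step 2 is not in place.
        return [], ["enabledProtocols attribute is missing"]
    protocols, problems = [], []
    for node in nodes:
        names = [p.strip() for p in (node.text or "").split(",") if p.strip()]
        if not names:
            problems.append("enabledProtocols is empty")
        protocols.extend(names)
    for name in protocols:
        if name.lower() == "sslv3":
            problems.append(f"{name} is enabled")
        elif java6 and name in NOT_ON_JAVA6:
            problems.append(f"{name} is not available on Java 6")
    return protocols, problems


if __name__ == "__main__":
    samples = [("fixed", FIXED), ("with SSLv3", WITH_SSLV3), ("no attribute", NO_ATTR)]
    for label, doc in samples:
        print(label, audit_enabled_protocols(doc, java6=True))
```

Pass the file's contents as `xml_text`, and set `java6=True` when the server runs on a Java 6 JVM.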

