Poodle SSL V3 Protocol Vulnerability in CA CSM
Important! Notification for CA Chorus Software Manager (CSM) users who have configured CSM to enable HTTPS access.
Note: Ignore this message if your CA CSM is not configured to enable HTTPS access.
Symptom: POODLE SSL V3 PROTOCOL VULNERABILITY.
The vulnerability is in the SSL v3 protocol, which can be negotiated over HTTPS. This fix disables SSL v3 and allows only TLS. If you configured CA CSM to use HTTPS instead of HTTP for user access, whether manually, by using a USS file to store certificates, or by using an external security manager, follow the directions below:
- Generate a keystore or generate a digital certificate for Apache Tomcat
- Configure Apache Tomcat
- Go to tomcat/conf and open the server.xml file.
- Comment out or remove the line with the SSL connector variable
- Add the following line to this section: sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
- Start (or restart) Apache Tomcat
- Enable your browser to use TLS encryption
- Restart your browser
- Access the HTTPS URL
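One way to check the edited server.xml before restarting Tomcat, as an added example that is not part of the original notice or CA's code: it parses the file and reports HTTPS connectors whose sslEnabledProtocols is missing or still lists an SSL protocol. The sample connectors, port 8443 and the keystore path are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml content (not taken from a real CA CSM install).
BEFORE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" sslProtocol="TLS" keystoreFile="conf/keystore.jks"/>
</Service></Server>"""

# Same file after applying the line given in the directions above.
AFTER = BEFORE.replace('sslProtocol="TLS"',
                       'sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"')

NOT_SET = "sslEnabledProtocols not set; JVM default protocols apply"


def audit_connectors(server_xml):
    """Return (port, finding) pairs for HTTPS connectors that may still accept SSL v3."""
    findings = []
    root = ET.fromstring(server_xml)
    # Connectors that were commented out are XML comments and are skipped by the parser.
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # plain HTTP connector, not affected
        port = conn.get("port", "?")
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            findings.append((port, NOT_SET))
            continue
        protocols = [p.strip() for p in enabled.split(",") if p.strip()]
        ssl_names = [p for p in protocols if p.lower().startswith("ssl")]
        if ssl_names:
            findings.append((port, "SSL protocols still enabled: " + ",".join(ssl_names)))
        elif not protocols:
            findings.append((port, "sslEnabledProtocols is empty"))
    return findings


if __name__ == "__main__":
    for label, xml_text in (("before", BEFORE), ("after", AFTER)):
        result = audit_connectors(xml_text)
        print(label, "->", result if result else "only TLS protocols enabled")
```

To check a real installation, pass the contents of tomcat/conf/server.xml to audit_connectors instead of the constructed samples.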