Follow these instructions to turn off SSLv3 on the Black Duck Code Sight server
to address the POODLE vulnerability:
- On the Black Duck Code Sight server, edit the file
  /opt/collabnet/teamforge/dist/conf-snippets/codesearch-tomcat-ssl.d/00-server.xml
  by replacing sslProtocol="TLS" in the following code snippet:
<Connector port="{__BDCS_TOMCAT_PORT__}" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
keystoreFile="{__SITE_DIR__}/etc/codesearch_tomcat.store"
keystorePass=<"password"> keystoreType="PKCS12" />
with sslProtocols="TLSv1,TLSv1.1,TLSv1.2" as shown below:
<Connector port="{__BDCS_TOMCAT_PORT__}" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
scheme="https" secure="true" clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2"
keystoreFile="{__SITE_DIR__}/etc/codesearch_tomcat.store"
keystorePass=<"password"> keystoreType="PKCS12" />
- Rebuild the runtime and restart TeamForge services with the following commands:
After completing the steps above, retest the connection to ensure that SSLv3
access is no longer permitted.
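
A static check of the edited connector can complement the connection retest. The script below is an added example, not part of the original instructions or of TeamForge; the function name audit_connectors and the sample snippets (with a placeholder keystore password) are constructed for illustration. It checks only the sslProtocols attribute used above.

```python
import re

# Constructed sample inputs modelled on the connector snippet in the article;
# the keystore password is a placeholder, not a real value.
BEFORE = '''<Connector port="{__BDCS_TOMCAT_PORT__}" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
keystoreFile="{__SITE_DIR__}/etc/codesearch_tomcat.store"
keystorePass="PLACEHOLDER" keystoreType="PKCS12" />'''
AFTER = BEFORE.replace('sslProtocol="TLS"', 'sslProtocols="TLSv1,TLSv1.1,TLSv1.2"')

# Regexes rather than an XML parser: the file is a template with {__...__}
# placeholders. Only self-closing <Connector ... /> elements are matched.
CONNECTOR = re.compile(r"<Connector\b(.*?)/>", re.DOTALL)
ATTR = re.compile(r'([\w.:-]+)\s*=\s*"([^"]*)"')


def audit_connectors(text):
    """Return one (port, verdict, detail) tuple per SSL-enabled <Connector>."""
    results = []
    for match in CONNECTOR.finditer(text):
        attrs = dict(ATTR.findall(match.group(1)))
        if attrs.get("SSLEnabled", "").lower() != "true":
            continue  # not an SSL connector, nothing to check
        port = attrs.get("port", "?")
        listed = attrs.get("sslProtocols")
        if listed is None:
            # The state the article starts from: no explicit version list.
            detail = "no sslProtocols list (sslProtocol=%r)" % attrs.get("sslProtocol")
            results.append((port, "FAIL", detail))
            continue
        versions = [v.strip() for v in listed.split(",") if v.strip()]
        legacy = [v for v in versions if v.upper().startswith("SSL")]
        if legacy:
            results.append((port, "FAIL", "legacy protocol listed: " + ",".join(legacy)))
        elif not versions:
            results.append((port, "FAIL", "sslProtocols is empty"))
        else:
            results.append((port, "OK", ",".join(versions)))
    return results


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for port, verdict, detail in audit_connectors(text):
            print(label, port, verdict, detail)
```

To check the real file, pass its contents to audit_connectors instead of the constructed samples.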