How to enable sslv3 protocol on Confluence tomcat server?

Hi All

I have Confluence 5.10 installed with the packaged Tomcat on a Windows platform.

We have a third party application which can communicate to confluence only over sslv3 protocol. 

My question is: how can I enable the Tomcat on the Confluence server to accept handshakes in the SSLv3 protocol (in addition to TLSv1, TLSv1.1 and TLSv1.2)?

Rahul

3 answers

2 votes

I would stop using this third party application until it is made safe.

sslv3 is broken and not secure.  It's regularly probed by bots looking for security holes and when found, used as an attack vector.

You really do not want to enable sslv3.

0 vote
Mizan Community Champion Nov 09, 2017

This protocol is disabled at the JVM level; you will need to enable it using the JVM argument below:

-Djdk.tls.disabledAlgorithms=

No value, it means SSLv2 and SSLv3 are now enabled as they are disabled by default.

In the Tomcat configuration add SSLv3 to the ssl protocols

Please try on test first.  I am assuming you are using Tomcat 8 as it is the only compatible version with 5.10

Please, don't do this.

They are disabled for good reasons - you will be opening yourself up for easy attacks.

Thanks Mizan and Nic, I understand the risks involved and will not disable them permanently. But in order to confirm my root cause of our connectivity issue, I would like to disable them on my test Confluence server.

Do you know how to do it on windows platform?

Good good.  Yes, it's pretty much the same in all operating systems.

Find the setenv.bat (setenv.sh on Unix-like systems).  Open it up with a text editor and look for where -D is used.  Jira's setenv files tend to have a line near the top which says "put debug arguments in here", followed by JVM_ARG="", and it's best to use that for Jira.

Confluence varies by version.  In 6.3, there's a lot of lines like

CATALINA_OPTS="-Djava.awt.headless=true ${CATALINA_OPTS}"

You can add one for this:

CATALINA_OPTS="-Djdk.tls.disabledAlgorithms= ${CATALINA_OPTS}"

Note that this enables a number of other insecure protocols, not just sslv3

0 vote
Ann Worley Atlassian Team Nov 14, 2017

@Rahul Aich [Nagra] If you are running Confluence as a service on Windows, the setenv.bat parameters are ignored, so you will need to add the option as described in: Configuring System Properties. There is a command line and a registry method in the guide, as well as screenshots.
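
For cleaning up after a test like the one discussed in this thread, here is an added example (not from any poster or from Atlassian) that flags a leftover `-Djdk.tls.disabledAlgorithms=` override in setenv text and any SSL-era entry in a Tomcat connector's `sslEnabledProtocols`. The function names are hypothetical, and the baseline list and both sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Value runs to a closing quote, the next option/variable reference, or end of line.
OVERRIDE = re.compile(r'-Djdk\.tls\.disabledAlgorithms=(.*?)(?=\s+[-$%]|"|$)')
# Assumed baseline for illustration; read the real list from your JVM's java.security.
SAMPLE_BASELINE = ["SSLv3", "RC4", "MD5withRSA", "DH keySize < 768"]


def audit_setenv(text, baseline=SAMPLE_BASELINE):
    """Return (line_no, baseline_entries_omitted) for each override of the list."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.strip().lower().startswith(("#", "rem ", "::")):
            continue  # commented-out setting in setenv.sh / setenv.bat
        m = OVERRIDE.search(line)
        if m:
            kept = {e.strip().lower() for e in m.group(1).split(",") if e.strip()}
            dropped = [b for b in baseline if b.lower() not in kept]
            findings.append((no, dropped))
    return findings


def audit_connectors(server_xml):
    """Return (port, protocol) for each SSL-era protocol a Connector enables."""
    hits = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        for proto in conn.get("sslEnabledProtocols", "").split(","):
            if proto.strip().lower().startswith("sslv"):
                hits.append((conn.get("port"), proto.strip()))
    return hits


# Constructed sample inputs (sh and bat syntax mixed on purpose), not from a real install.
SETENV = '''# CATALINA_OPTS="-Djdk.tls.disabledAlgorithms= ${CATALINA_OPTS}"
CATALINA_OPTS="-Djava.awt.headless=true ${CATALINA_OPTS}"
CATALINA_OPTS="-Djdk.tls.disabledAlgorithms= ${CATALINA_OPTS}"
set CATALINA_OPTS=-Djdk.tls.disabledAlgorithms=RC4, MD5withRSA %CATALINA_OPTS%
'''
SERVER_XML = '''<Server><Service name="Tomcat-Standalone">
  <Connector port="8090" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" sslEnabledProtocols="TLSv1.2,SSLv3"/>
</Service></Server>'''

if __name__ == "__main__":
    for no, dropped in audit_setenv(SETENV):
        print(f"setenv line {no}: no longer disabled: {', '.join(dropped) or 'nothing'}")
    for port, proto in audit_connectors(SERVER_XML):
        print(f"server.xml connector {port}: enables {proto}")
```

An empty override omits every baseline entry, which is the point made above that the setting affects more than SSLv3.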
