How to disable SSLv3 on jRockit

Similar Messages

• How to disable SSLv3 on SSL enabled NodeManager (wls12.1.1 with jRockit)

  how to disable SSLv3 on SSL enabled NodeManager (wls12.1.1 with jRockit)

  Hi,
  Add the following Java option in the StartNodemanger.sh file
  Steps to disable SSLv3 protocol on Weblogic:
  1.  The weblogic.security.SSL.protocolVersion command-line argument lets you specify which protocol is used for SSL connections.
  2.  After enabling/configuring the SSL for weblogic server, append the following option to the JAVA_OPTIONS variable
          -Dweblogic.security.SSL.protocolVersion=TLS1
       NOTE: If you don’t specify the above property, by default it takes SSLv3.
  Check the below Links for more information
  http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1046921.aspx
  http://docs.oracle.com/cd/E17904_01/web.1111/e13707/ssl.htm#SECMG494
  CVE-2014-3566 - Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Java SE
  Additional Info
  Poodle Vulnerability CVE-2014-3566
  CVE-2014-3566 - Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Java SE
  Hope it helps

• How to disable SSLv3 and RC4 on Lync Server Access Edge?

  We use Lync Server 2013.
  How to disable SSLv3 and RC4 on Lync Server Access Edge?
  This solution https://technet.microsoft.com/en-us/library/security/3009008.aspx doesn't work

  Hi dizen,
  To completely disable RC4, you can create the following registry key:
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
  "Enabled"=dword:00000000
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
  "Enabled"=dword:00000000
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
  "Enabled"=dword:00000000
  For more details, please check out this KB.
  http://support.microsoft.com/kb/2868725
  Best regards,
  Eric

• How to disable SSLv3 and keep only TLS for LDAP connection.

  Hi,
  I'm planning to keep only TLSv1.2 for LDAP connections.
  I tried to set LDAP_OPT_SSL_INFO in LDAP Session Options using a SecPkgContext_ConnectionInfo Structure with dwProtocol SP_PROT_TLS1_2_CLIENT(as described here -  https://social.msdn.microsoft.com/Forums/en-US/7544226d-97e1-4dae-a377-e382c2281e91/how-to-set-up-tls-in-ldap-connection?forum=vcgeneral),
  but it returns LDAP_PARAM_ERROR.
  I tried to call this function directly after ldap_sslinit/ldap_init and before ldap_connect() - without success, I tried to use other parameters with default values, I tried to initialize them by 0/other possible values - and also no success.
  How I can do this?
  Thanks for your advices.

  LDAP_PARAM_ERROR
  https://msdn.microsoft.com/en-us/library/aa367026(v=vs.85).aspx

• How do I disable SSLv3 in Safari (OSX & iOS)

  Hi All,
  So following this morning's Google announcement on the SSLv3 vulnerability, I tried disabling it on the client side on my various systems and browser. On OSX, I managed to do it for Firefox and Chrome but not for Safari. On iOS I didn't manage at all.
  Any clue on how it can be done?
  FWIW:
  - Disabling SSLv3 in Firefox:
    Open about:config, find security.tls.version.min and set the value to 1. Then restart your browser to drop any open SSL connections.
  - Disabling SSLv3 in Chrome:
    Launch Chrome using an AppleScript that contains the following
    do shell script "open -a /Applications/Google\\ Chrome.app --args --ssl-version-min=tls1"
  - Checking client-side vulnerability:
     https://www.poodletest.com/
  - Checking server-side vulnerability:
     http://www.poodlebleed.com
  Cheers,
  Alex

  Apple posted the following updates that include a fix for the SSLv3 "Poodle" issue:
  Yosemite 10.10
  Security Update 2014-005 Mavericks
  Security Update 2014-005 Mountain Lion
  as well as updates for all currently supported Servers (4.0, 3.2.2, 2.2.5)
  All of them contain the following:
  Secure Transport
  Impact:  An attacker may be able to decrypt data protected by SSL
  Description:  There are known attacks on the confidentiality of SSL
  3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
  could force the use of SSL 3.0, even when the server would support a
  better TLS version, by blocking TLS 1.0 and higher connection
  attempts. This issue was addressed by disabling CBC cipher suites
  when TLS connection attempts fail.
  CVE-ID
  CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
  Google Security Team
  It would appear that your browsers will show "maybe vulnerable" on the poodletest site, so my guess is that OS X will prevent all apps from using SSLv3 even if they would otherwise be capable of doing so.  This will protect other apps, such as e-mail clients that are also normally able to use SSLv3.

• How do I disable SSLV3 in Oracle HTTP SERVER to prevent POODLE attacks?

  How do I disable SSLV3 in Oracle HTTP SERVER to prevent POODLE attacks?
  I see the line in the ssl.conf file:
  SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5:SSL_RSA_WITH_RC4_128_SHA:SSL_RSA_WITH_3DES_EDE_CBC_SHA:SSL_RSA_WITH_DES_CBC_SHA:SSL_RSA_EXPORT_WITH_RC4_40_MD5:SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
  but I'm not sure which ciphers are SSLV3.
  Thanks,
  Andy

  Hi Andy,
  For this, we highly recommend you to open a SR with Oracle support and Security team would be assisting you on how to get this fixed.
  Thanks,
  Sharmela

• How to Disable SSLv2 in Oracle IAS 10.1.3

  How to disable SSLV2 in Oracle IAS 10.1.3.. I added below in ssl.conf file.. But it is not working...
  SSLProtocol -ALL SSLv3 TLSv1
  SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
  Thanks
  Lalitha

  How can you have WebCache if you are using 10.1.3 version?
  The cause of this problem has been identified and verified in an unpublished Bug 4761833 : "IE FAILS TO TO CONNECT TO WEBCACHE VIA SSL IF SSLV2.0 IS NOT SELECTED".
  By default Webcache sets its SSL_ENABLED parameter in webcache.xml to: SSLV3_V2H
  This supports only SSL V2.0 and SSLV3.0 and not TLSV1.0
  When IE makes a connection with: SSL V2.0, SSLV3.0, TLSV1.0 all checked, an Ethereal sniff shows:
  SSLV2 Client Hello
  SSLV3 Server Hello
  When IE makes a connection with: SSLV3.0, TLSV1.0 checked, SSL v2.0 unchecked, an Ethereal sniff shows:
  TLSV1 Client Hello
  SSLV3 Alert (Level: Fatal, Description: Unexpected Message)
  When Firefox makes a connection with SSLV3.0, TLSV1.0 checked, SSL v2.0 unchecked an Ethereal
  sniff shows:
  SSLV2 Client Hello
  SSLV3 Server Hello
  So even though SSLV2.0 is unchecked it still makes the initial Client Hello via SSLV2.0 hence why Mozilla works
  The reason why IE fails when SSLV2.0 is unchecked is because IE always uses what it considers to be the best Protocol and picks TLSV1.0, and as the default SSL_ENABLED parameter in Webcache does not support TLS V1.0, then it fails.
  Solution
  To implement the solution, execute the following steps:
  1. Edit the $ORACLE_HOME/webcache/webcache.xml
  For the SSL Listen entry e.g:
  <LISTEN IPADDR="ANY" PORT="443" SSLENABLED="SSLV3_V2H" PORTTYPE="NORM">
  Change:
  "SSLV3_V2H"
  to
  "SSL"
  2. Save the file and restart webcache, and then test you can access Webcache via SSL with SSLV2.0 unchecked
  Hope this helps
  Regards.

• Disabling SSLv3 on Cisco

  I have an ASA 5515X firewall running on software version 9.1(1). Does anyone know how to properly disable SSLv3 on this device? This is in regards to addressing the POODLE vulnerability. Thank you.

  you can try using v9.3(2) and only allow TLS1.2. Look at this thread:
  https://supportforums.cisco.com/discussion/12393656/asa-ssl-certificate-report-ssllabscom

• How to disable parent window while popup window is coming

  Hi,
  I am working on Oracle Applications 11i.
  I am able to get the popup window using the Java script in the controller.
  Please see the below code for the reference.
  String pubOrderId = pageContext.getParameter("orderId");
  StringBuffer l_buffer = new StringBuffer();
  StringBuffer l_buffer1 = new StringBuffer();
  l_buffer.append("javascript:mywin = openWindow(top, '");
  l_buffer1.append("/jct/oracle/apps/xxpwc/entry/webui/AddAttachmentPG");
  l_buffer1.append("&retainAM=Y");
  l_buffer1.append("&pubOrderId="+pubOrderId);
  String url = "/OA_HTML/OA.jsp?page="+l_buffer1.toString();
  OAUrl popupUrl = new OAUrl(url, OAWebBeanConstants.ADD_BREAD_CRUMB_SAVE );
  String strUrl = popupUrl.createURL(pageContext);
  l_buffer.append(strUrl.toString());
  l_buffer.append("', 'lovWindow', {width:750, height:550},false,'dialog',null);");
  pageContext.putJavaScriptFunction("SomeName",l_buffer.toString());
  But here the problem is, even though popup window is there, i am able to do the actions on the parent page.
  So how to disable the parent page, while getting the popup window.
  Thanks in advance.
  Thanks
  Naga

  Hi,
  You can use javaScript for disabling parent window as well.
  Refer below link for the same:
  http://www.codeproject.com/Questions/393481/Parent-window-not-disabling-when-pop-up-appears-vi
  --Sushant                                                                                                                                                                                                                                                                                                                                                                                                                                           

• How to Disable "Auto Align" in [System Pref.] - [Display] - [Arrangement]

  Does anyone know How to Disable "Auto Align" in [System Preferences] -> [Display] -> [Arrangement]?
  It always want to align the two screens from the top when they are lined up close together and I need them to be aligned from the bottom. Since the resolution heights are so close together (1080 & 1050) it does not allow one to align side by side from the bottom as it prioritizes top alignment.
  I guess I'm looking for a script to disable this feature.

  Anyone got any ideas?

• How to disable the "turn page" event triggered by the scroll/swipe function?

  The problem is as follows.
  The default behaviour of Acrobat Reader (both stand alone and browser plug-in) is to allow scrolling/swiping with the mouse wheel/trackpad. This is useful when the pdf's page length is greater than the screen's own length, because you can read the pdf with no need to distract your attention from the text to the scrollbar button. However, the same scroll/swipe function turns into a usability problem when the pdf is embedded in a html page and the pdf's page length is smaller than the browser's length. In this case, the scroll/swipe turns the page, distracting your attention from the text to the unintended behaviour of the browser. What happens is that you are so used to scrolling/swiping that you did it unintentionally in the pdf's caption area. You really did not want to turn pages in the pdf. Furthermore, if the pdf takes the whole html page, being a website, the scroll/swipe function flips the website pages in ways that neither the reader nor the writer had ever intended. Hence the question. How to disable, in this case, the "turn page" event triggered by the scroll/swipe function? A JavaScript should do, but the SDK documents did not help so far...
  Message was edited by: 41457173
  Message was edited by: 41457173

  ... or release a patch for the API,
  ... or suggest an alternative route to achieve the intended result.

• [Forum FAQ] How to disable Microsoft account default sign-in behavior when accessing Microsoft website on Windows 8.1

  Scenario
  By default it will sign in with current Microsoft account, if a user accesses Microsoft website (www.live.com, www.bing.com, etc.) with Microsoft account on Windows 8.1. This article describes how to disable this default sigh-in behavior if you want to use
  different Microsoft accounts every time. 
  Method
  To disable this default sign-in behavior, we can deny current Microsoft Account read permission of MicrosoftAccountTokenProvider.dll, please follow the following steps:
  Run Command Prompt with elevated permissions.
  Run the following command to take ownership of MicrosoftAccountTokenProvider.dll:
    takeown /f C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll
  Run the following command to deny the read permission of the Microsoft:                                
   icacls C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll /deny
  [email protected]:r                                                                                                                
  Note: Please replace your current Microsoft Account with the example
  [email protected]
  Change the owner of this file back to TrustedInstaller:
  Right-click MicrosoftAccountTokenProvider.dll under
  C:\Windows\SysWOW64\, choose Properties. Under
  Security tab, click Advanced.
  Click Change, in the box Enter the object name to select, type
  NT Service\TrustedInstaller.
  Click OK.
  Note: This operation would take some hours to work.
  Apply to:
  Windows 8.1
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  Error: System cannot find the specified path
  I am getting this eroor
  Parashuram Singade www.distinctnotion.com

• How to disable airplay mirroring on iPad with ios7

  How to disable airplay mirroring on iPad with ios7?

  I've had this problem ever since I was at my friend's house- she has Apple TV- and my iPad connected automatically. So, I have no idea why any of the practical solutions that people think of are not options BUT, in terms of just getting it done, I did figure out a way. The key for me was getting near another Apple TV. I was out of town so I took my iPad to another friend's house who also has TV. Once I was logged onto their wireless network (the same network that their Apple TV is on-- that's how it connected in the first place), then the Airplay icon and options showed up from the bottom-draw menu and I was able to make sure that mirroring was turned off from the Apple TV section and to make sure the selection was on iPad instead. Problem solved. Now whether or not this will stay the same (rather than me having to make sure it stays at this setting everytime I link up to a network that has an Apple TV on it) I don't know. So my advice is find someone with Apple TV and connect to their network with your iPad and then change it.

• I have changed the apple ID (email, but on my iphone , the icloud is stil asking me to log in whit the old email.And it is poping-up on every 10 seconds.I never used icloud, and i dont want to use it.I just dont know how to disable the icloud.

  i have changed the apple ID (email) but on my iphone , the icloud is stil asking me to log in whit the old email.And it is poping-up on every 10 seconds.I never used icloud, and i dont want to use it.I just dont know how to disable the icloud.

  If you see that pop up you enabled icloud. Whether you want or do not want now to use it irrelevant until you actually disable activation lock.
  In order to do that you have to change your apple id back to do that just long enough to sign in and back out. System will ask you to verify, don't.
  Just sign in on the prompt you getting and then logout. Once done, change apple id to what you have now and verify. Then decide if you want to
  use icloud (who does not want to be able to track their phone if lost or stolen).

• Can't use down key because it opens automator. Does any one know how to disable this short cut?

  Everytime I press down on down key it opens automator. It doesn't let me delete the app. I don't know what to do, it is very frustating to fill in a chart when I can't use the down key. Does any one know how to disable this short cut?

  Are you talking about the Down Arrow key? To my knowledge there is no way to use that key as a shortcut for anything. But look in the Keyboard section of System Preferences and the Keyboard shortcut tab.