如何保护Tibco BW免受POODLE攻击？ （SSL 3.0协议漏洞）

Question

为了保护Tibco BW免受POODLE attack攻击，如何在其Web服务器组件（用于Web服务，http侦听器等）上禁用SSL v3.0以便客户端只能连接使用TLS？

Answer 1

在您的问题中，您尚未分享您正在使用的TIBCO BusinessWorks版本。但是TIBCO已经发布了修复补丁来解决这个问题。以下是从TIBCO运行时代理的发行说明5.9.0修补程序4：

Closed Issues in 5.9.0_HF-004 (This Release)

TCRT-56

To protect from the POODLE SSLv3 vulnerability (CVE-2014-3566), the SSLv3 protocol is no longer supported for TLS/SSL connections. Only version 1.0 or higher of TLS is supported.

For backward compatibility with software that supports only SSLv3, you can enable the SSLv3 protocol by setting the following system-wide properties for client-side and server-side connections in the .tra file: java.property.com.tibco.security.ssl.client.EnableSSLv3=true java.property.com.tibco.security.ssl.server.EnableSSLv3=true