如何保護Tibco BW免受POODLE攻擊？ （SSL 3.0協議漏洞）

Question

爲了保護Tibco BW免受POODLE attack攻擊，如何在其Web服務器組件（用於Web服務，http偵聽器等）上禁用SSL v3.0以便客戶端只能連接使用TLS？

Answer 1

在您的問題中，您尚未分享您正在使用的TIBCO BusinessWorks版本。但是TIBCO已經發布了修復補丁來解決這個問題。以下是從TIBCO運行時代理的發行說明5.9.0修補程序4：

Closed Issues in 5.9.0_HF-004 (This Release)

TCRT-56

To protect from the POODLE SSLv3 vulnerability (CVE-2014-3566), the SSLv3 protocol is no longer supported for TLS/SSL connections. Only version 1.0 or higher of TLS is supported.

For backward compatibility with software that supports only SSLv3, you can enable the SSLv3 protocol by setting the following system-wide properties for client-side and server-side connections in the .tra file: java.property.com.tibco.security.ssl.client.EnableSSLv3=true java.property.com.tibco.security.ssl.server.EnableSSLv3=true