Protecting against POODLE attack in Tomcat 7


What is a POODLE attack?

The internet has been a buzz with security issues this year such as Heartbleed, and Shellshock. POODLE is no different and effects almost every server on the internet. This exploit is done by performing a man in the middle attack and relying on the clients software to fallback to SSL 3.0. The result is an attacker can make around 250 SSL 3.0 requests and decrypt one byte of encrypted data.

What is the solution?

It is very simple to patch the vulnerability in Tomcat 7. This assumes that your CRT and Key file are already configured. Check your server.xml file and assure that you have set the sslEnabledProtocols to the following:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslEnabledProtocols = "TLSv1,TLSv1.1,TLSv1.2" />

Now restart your tomcat server and check if you are secure. Lots of simple tools exist to check your sites security.