We're trying to configure the AdminUI for SSL to restrict communication to
the TLS protocol only and our Security team reports that the SSLv3
protocol can still be used.
How can we check that ?
We've configured the JBoss server.xml that way :
<Connector SSLEnabled="true" SSLProtocol="TLSv1.2"
We run the following command and it shows that the adminui on port 8443 is
negociating TLSv1 protocol :
# openssl s_client -connect adminui_ip:8443 -crlf
New, TLSv1.1, Cipher is TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
So the configuration is working as expected.
AdminUI 12.52SP1CR09 on on Windows 2008 R2;
Check with the security team to undestand how they see the SSLv3
protocol being still in use.