OpenSSL vulnerability with OM Web Viewer 12.1
search cancel

OpenSSL vulnerability with OM Web Viewer 12.1

book

Article ID: 258914

calendar_today

Updated On:

Products

Output Management Web Viewer

Issue/Introduction

Concerned about the use of OpenSSL with Web Viewer. Is it vulnerable? How to avoid using OpenSSL?

Environment

  • Output Management Web Viewer 12.1
  • OpenSSL
  •  

Cause

OpenSSL is vulnerable

Resolution

 To disable OpenSSL with Tomcat  add this line to your connector port as shown:

 <!-- WebViewer 12 connector added  -->
    <Connector protocol="org.apache.coyote.http11.Http11Nio2Protocol"
               port="443" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="D:\tomcatnew.jks" keystorePass="tomcat" keyAlias="tomcat"  
               sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"    <=====================       
              clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2" />

and recycle Tomcat.

Powered by Wolken Software