Securing Stash (using Tomcat) against Poodle Disabling SSLv3

'How Do I...' and 'How to...' Guide to Stash

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

Purpose

Disabling SSLV3 in Stash instances utilizing a Tomcat container in order to secure against the Poodle Exploit.

How To

  1. Stop Stash
  2. Edit <Stash Installation Directory>/conf/server.xml
    You'll see:
    Please note these are default values, yours may look different

    server.xml
    <Connector port="8443"
      maxHttpHeaderSize="8192"
      SSLEnabled="true"
        maxThreads="150"
      minSpareThreads="25"
      maxSpareThreads="75"
        enableLookups="false"
      disableUploadTimeout="true"
      useBodyEncodingForURI="true"
        acceptCount="100"
      scheme="https"
      secure="true"
        clientAuth="false"
      sslProtocol="TLS" />
  3. Add the following to the connector:

    SSLEnabled="true"
    sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
  4. Start Stash

 

Last modified on Oct 15, 2014

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.