You can disable SSL3 for the HTTP Connectors.
In the Admin console (the HTTPS one :)) find
Configurations->server-config->HTTP Service->Http Listeners. For every
connector there is a page 'General' where you can find a tick for
enabling HTTPS called Security. For every connector that has Security
enabled the page 'SSL' has a tick for enabling/disabling SSL3. By
default SSL3 is disabled on the http-listener-2, but is enabled on the
admin-listener.
I suspect that there is a way to do this using the asadmin tool, but
I'm not that versed with it.
My personal credo is that no JavaEE server is secure enough to be
accessible from the Internet. All the servers I use are behind an
Apache façade that does the SSL and calls the actual server (which is
not accessible in any alternate way to the outside world) using AJP.
Other façade servers can be used too.
2014-10-16 19:32 GMT+03:00 <forums_at_java.net>:
> I should also mention that I tried the https.protocols system property, also
> with no luck.
>
> --
>
> [Message sent by forum member 'mmole']
>
> View Post: http://forums.java.net/node/930922
>
>