From 68f4a951c93af6c88dd07a0e11a3863485555a31 Mon Sep 17 00:00:00 2001
From: chenson42
Date: Mon, 24 Nov 2014 20:50:38 +0000
Subject: [PATCH] 0002081: Disable SSLv3
---
 .../main/java/org/jumpmind/symmetric/SymmetricWebServer.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/symmetric-server/src/main/java/org/jumpmind/symmetric/SymmetricWebServer.java b/symmetric-server/src/main/java/org/jumpmind/symmetric/SymmetricWebServer.java
index e7452e036c..6fd7a47e2c 100644
--- a/symmetric-server/src/main/java/org/jumpmind/symmetric/SymmetricWebServer.java
+++ b/symmetric-server/src/main/java/org/jumpmind/symmetric/SymmetricWebServer.java
@@ -379,6 +379,8 @@ protected Connector[] getConnectors(int port, int securePort, Mode mode) {
 SslContextFactory sslConnectorFactory = ((SslSocketConnector) connector).getSslContextFactory();
 sslConnectorFactory.setKeyStorePath(keyStoreFile);
 sslConnectorFactory.setKeyManagerPassword(keyStorePassword);
+ /* Prevent POODLE attack */
+ sslConnectorFactory.addExcludeProtocols("SSLv3");
 sslConnectorFactory.setCertAlias(System.getProperty(SystemConstants.SYSPROP_KEYSTORE_CERT_ALIAS,
 SecurityConstants.ALIAS_SYM_PRIVATE_KEY));
 sslConnectorFactory.setKeyStoreType(keyStoreType);
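Review bot: The SSLv3 exclusion added after `setKeyManagerPassword(keyStorePassword)` is hard-coded and covers only the `SslSocketConnector` configured in this branch. `getConnectors` starts and ends outside the hunk, so it is not visible whether any other TLS endpoint the server builds gets the same treatment; that should be confirmed before treating the POODLE exposure as closed. The comment would help the next maintainer more if it stated the reason and the consequence, for example `/* POODLE: SSLv3 CBC padding cannot be verified, so exclude SSLv3 and require clients to negotiate TLS */`. Using `addExcludeProtocols` rather than replacing the list is the right call because it keeps whatever exclusions the factory already carries. A startup log line listing the protocols left enabled on the connector would let operators verify the setting on their JVM.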