Disable SSLv2/3

[mark0n]

The transport adapter that is currently being used enables SSLv2 and SSLv3. Note that these protocol versions are considered insecure since years (RFC6176, POODLE). In general enabling protocols that are not supported by the underlying libraries by default anymore doesn't sound like a good idea to me.

[shengb]

Any particular piece of code are you referring to?
It currently ignores/bypasses the SSL.
The Python client library needs a major refactoring actually, and the SSLv2/3 is one part of problems.
It does rely on the requests library underneath.

[mark0n]

See the link in my first comment. On my machine it definitely uses port 443 which makes users believe their username/password would be secure which might not be the case. As far as I can tell urllib3 comes with reasonably secure defaults. The problem at hand is that the CFClient code overrides these defaults to allow obsolete/insecure protocol versions.

[shengb]

Sounds like you already have a solution already. Why not just go ahead to fix it?

[shroffk]

The use of the sslv2/3 was due to the limitation associated with glassfish 3.x
using the urllib3 default should be now possible with the migration to glassfish 4