+++ This bug was initially created as a clone of Bug #1153313 +++ Description of problem: Per https://access.redhat.com/articles/1232123 httpd configuration should disable the SSLv3 protocol.
Verified this bug with 2.1.z/2014-11-05.1 against both vhost and rewrite frontend, and PASS. 1. Create an app successfully. 2. Check sslv3 is disabled on broker and node, and make sure app's url are still available. Command: ( sleep 0.2; echo Q ) | timeout 5 openssl s_client -connect '10.66.79.120:443' -no_tls1 -no_tls1_1 -no_tls1_2 2>&1 | grep 'no peer certificate available' no peer certificate available Command: (sleep 0.2; echo Q ) | timeout 5 openssl s_client -connect '10.66.79.120:443' 2>&1 | tail -1 | grep 'DONE' DONE Command: ( sleep 0.2; echo Q ) | timeout 5 openssl s_client -connect 'poodleapp-jialiu.ose21z-manual.com.cn:443' -no_tls1 -no_tls1_1 -no_tls1_2 2>&1 | grep 'no peer certificate available' no peer certificate available Command: (sleep 0.2; echo Q ) | timeout 5 openssl s_client -connect 'poodleapp-jialiu.ose21z-manual.com.cn:443' 2>&1 | tail -1 | grep 'DONE' DONE
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2014-1906.html