How to disable SSLv3 on port8090?

If you’re running a service on port 8090 (commonly used by Jetty, Jenkins, or custom applications), disabling SSLv3 is essential to prevent vulnerabilities like POODLE.

Here’s how to do it depending on your stack:

Apache Tomcat (running on port 8090)

1. Open the server.xml configuration file located in conf/ directory.

2. Find the <Connector> tag configured for port 8090.

3. Modify it to explicitly disable SSLv3:

   <Connector port="8090"
              protocol="org.apache.coyote.http11.Http11NioProtocol"
              SSLEnabled="true"
              maxThreads="200"
              scheme="https"
              secure="true"
              clientAuth="false"
              sslProtocol="TLS"
              sslEnabledProtocols="TLSv1.2,TLSv1.3"
              keystoreFile="conf/keystore.jks"
              keystorePass="yourpassword" />

Make sure sslEnabledProtocols does not include SSLv3.

Restart Tomcat:

systemctl restart tomcat

Nginx Reverse Proxy (forwarding to port 8090)

If you’re using Nginx as a reverse proxy for an app on port 8090:

server {
    listen 443 ssl;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://localhost:8090;
    }
}

Reload Nginx:

nginx -s reload

Jenkins (Default on 8080/8090)

For Jenkins with HTTPS enabled via Java keystore:

Edit the jenkins.xml or your service configuration where Jenkins is started with --httpsPort=8090.

Add the following to your startup parameters:

-Dhttps.protocols=TLSv1.2,TLSv1.3

Avoid SSLv3 anywhere in your config or JVM options.

Restart Jenkins:

systemctl restart jenkins

Java-Based Applications on Port 8090

If you’re running a custom Java server:

Ensure your JVM is launched with:

-Dhttps.protocols=TLSv1.2,TLSv1.3

If you’re using SSLContext manually:

SSLContext ctx = SSLContext.getInstance("TLSv1.2");
ctx.init(...);
SSLServerSocketFactory factory = ctx.getServerSocketFactory();

Avoid using SSLv3 in any part of your code or configuration.