What you will read?
If you’re running a service on port 8090 (commonly used by Jetty, Jenkins, or custom applications), disabling SSLv3 is essential to prevent vulnerabilities like POODLE.
Here’s how to do it depending on your stack:
Apache Tomcat (running on port 8090)
-
Open the
server.xml
configuration file located inconf/
directory. -
Find the
<Connector>
tag configured for port 8090. -
Modify it to explicitly disable SSLv3:
<Connector port="8090" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" maxThreads="200" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.3" keystoreFile="conf/keystore.jks" keystorePass="yourpassword" />
Make sure sslEnabledProtocols
does not include SSLv3
.
Restart Tomcat:
systemctl restart tomcat
Nginx Reverse Proxy (forwarding to port 8090)
If you’re using Nginx as a reverse proxy for an app on port 8090:
server { listen 443 ssl; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; location / { proxy_pass http://localhost:8090; } }
Reload Nginx:
nginx -s reload
Jenkins (Default on 8080/8090)
For Jenkins with HTTPS enabled via Java keystore:
Edit the jenkins.xml
or your service configuration where Jenkins is started with --httpsPort=8090
.
Add the following to your startup parameters:
-Dhttps.protocols=TLSv1.2,TLSv1.3
Avoid SSLv3
anywhere in your config or JVM options.
Restart Jenkins:
systemctl restart jenkins
Java-Based Applications on Port 8090
If you’re running a custom Java server:
Ensure your JVM is launched with:
-Dhttps.protocols=TLSv1.2,TLSv1.3
If you’re using SSLContext
manually:
SSLContext ctx = SSLContext.getInstance("TLSv1.2"); ctx.init(...); SSLServerSocketFactory factory = ctx.getServerSocketFactory();
Avoid using SSLv3
in any part of your code or configuration.