SSL 3.0 is an obsolete and insecure protocol. While for most practical purposes it has been replaced by its successors TLS 1.0 [RFC2246], TLS 1.1 [RFC4346], and TLS 1.2 [RFC5246], many TLS implementations remain backwards compatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience. The protocol handshake provides for authenticated version negotiation, so normally the latest protocol version common to the client and the server will be used.
However, even if a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant since many clients implement a protocol downgrade dance to work around server-side interoperability bugs.
For more information about the SSL 3.0 POODLE attack vulnerability, visit the following web site:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566
1. Edit the default.properties file on all eDiscovery Platform servers:
a. This file is located here: D:\CW\Vxxx\config\configs
b. Add "TLSv1,TLSv1.1,TLSv1.2" to the "esa.common.webapp.appserver.sslProtocols" line, without quotes.
BEFORE:
esa.common.webapp.appserver.sslProtocols=
AFTER:
esa.common.webapp.appserver.sslProtocols=TLSv1,TLSv1.1,TLSv1.2
2. Edit the server.xml file on all eDiscovery Platform servers:
a. This file is located here: D:\CW\Vxxx\config\templates\tomcat
b. Change the "sslProtocol" line from sslProtocol="@APPSERVER_SSL_PROTOCOL@" to sslEnabledProtocols="@APPSERVER_SSL_PROTOCOLS@"
BEFORE:
sslProtocol="@APPSERVER_SSL_PROTOCOL@"
AFTER:
sslEnabledProtocols="@APPSERVER_SSL_PROTOCOLS@"
3. Build Incremental Configuration Changes
a. Run the Clearwell Utility > Option 7.
or
b. Run the Clearwell Commander and invoke the Build Incremental Configuration Changes (control-I) Action menu item.
NOTE: The SSL 3.0 protocol was removed from the eDiscovery platform starting with version 8.1.0.
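To confirm that steps 1 and 2 were applied on each server, the two files can be audited with a short script. This is an added example, not part of the original article or the product: the function names, the sample file contents and the surrounding Connector element are constructed for illustration, and only the property key, attribute names and placeholder values come from the steps above.

```python
import re

PROP_KEY = "esa.common.webapp.appserver.sslProtocols"
ALLOWED = {"TLSv1", "TLSv1.1", "TLSv1.2"}  # the values step 1 adds


def audit_properties(text):
    """Return findings for the sslProtocols line in default.properties."""
    values = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue  # skip comments and lines without a key=value pair
        key, _, value = line.partition("=")
        if key.strip() == PROP_KEY:
            # a later duplicate of the key overrides an earlier one
            values = [v.strip() for v in value.split(",") if v.strip()]
    if values is None:
        return [f"{PROP_KEY} is missing"]
    if not values:
        return [f"{PROP_KEY} is empty (the BEFORE state)"]
    return [f"unexpected protocol: {v}" for v in values if v not in ALLOWED]


def audit_server_xml(text):
    """Return findings for the connector attributes in the server.xml template."""
    text = re.sub(r"<!--.*?-->", "", text, flags=re.S)  # ignore commented-out XML
    findings = []
    if re.search(r'\bsslProtocol\s*=\s*"', text):
        findings.append("legacy sslProtocol attribute still present")
    if not re.search(r'\bsslEnabledProtocols\s*=\s*"@APPSERVER_SSL_PROTOCOLS@"', text):
        findings.append("sslEnabledProtocols placeholder not found")
    return findings


# Constructed sample inputs (not copied from a real installation).
PROPS_BEFORE = "esa.common.webapp.appserver.sslProtocols=\n"
PROPS_AFTER = "esa.common.webapp.appserver.sslProtocols=TLSv1,TLSv1.1,TLSv1.2\n"
XML_BEFORE = '<Connector SSLEnabled="true" sslProtocol="@APPSERVER_SSL_PROTOCOL@" />'
XML_AFTER = '<Connector SSLEnabled="true" sslEnabledProtocols="@APPSERVER_SSL_PROTOCOLS@" />'

if __name__ == "__main__":
    for name, props, xml in (("before", PROPS_BEFORE, XML_BEFORE),
                             ("after", PROPS_AFTER, XML_AFTER)):
        print(name, audit_properties(props) + audit_server_xml(xml))
```

An empty findings list for both files means the edits from steps 1 and 2 are in place; the configuration still has to be rebuilt as described in step 3.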