SSL 3.0 - Poodle Vulnerability

Postby jgalloway84 » Tue Oct 21, 2014 6:03 pm

I was curious if there is a way to disable SSL 3.0 with Subsonic due to Poodle. I have Subsonic running on a Mac and edited /Applications/Subsonic.app/Contents/Info.plist to enable https on an alternate port (4000 for my example). Everything works, but I can connect to Subsonic with SSL 3.0 and I would like to disable it since it's no longer secure.

Testing for SSL 3.0 (yourdomain.com with port 4000) in Linux: openssl s_client -connect yourdomain:4000 -ssl3

It appears Subsonic is using Jetty for the webserver and I do not see a way to disable SSL 3.0.

Question:
1. Can we disable SSL 3.0? Would it require a new release of Subsonic or is there a config file we can edit?
2. Side note, how would we use signed SSL certificates?

Thanks guys!
jgalloway84
 
Posts: 1
Joined: Tue Oct 21, 2014 5:55 pm

Re: SSL 3.0 - Poodle Vulnerability

Postby daneren2005 » Tue Oct 21, 2014 6:24 pm

Some quick googling shows that it would almost definitely require a server update.
Developer of DSub for Android
daneren2005
 
Posts: 1709
Joined: Fri Jul 06, 2012 7:52 pm

Re: SSL 3.0 - Poodle Vulnerability

Postby drsbaitso » Fri Oct 24, 2014 4:07 pm

jgalloway84 wrote: I was curious if there is a way to disable SSL 3.0 with Subsonic due to Poodle. I have Subsonic running on a Mac and edited /Applications/Subsonic.app/Contents/Info.plist to enable https on an alternate port (4000 for my example). Everything works, but I can connect to Subsonic with SSL 3.0 and I would like to disable it since it's no longer secure.

Testing for SSL 3.0 (yourdomain.com with port 4000) in Linux: openssl s_client -connect yourdomain:4000 -ssl3

It appears Subsonic is using Jetty for the webserver and I do not see a way to disable SSL 3.0.

Question:
1. Can we disable SSL 3.0? Would it require a new release of Subsonic or is there a config file we can edit?
2. Side note, how would we use signed SSL certificates?

Thanks guys!


Why not just use a reverse proxy or something? Mine goes through Apache so I can handle everything without messing with Subsonic.
drsbaitso
 
Posts: 6
Joined: Wed Nov 23, 2011 3:34 pm
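
The reverse proxy approach suggested above, as an added example that is not part of the original thread and not Subsonic's own configuration. It assumes Subsonic is listening on plain HTTP at 127.0.0.1:4040, that mod_ssl, mod_proxy and mod_proxy_http are loaded, and that the certificate paths are placeholders for your own files.

```apache
# Added example: Apache terminates TLS in front of Subsonic.
# Assumptions: Subsonic on http://127.0.0.1:4040, placeholder certificate paths.
<VirtualHost *:443>
    ServerName yourdomain.com

    SSLEngine on

    # Weak:      SSLProtocol all
    #            ("all" can include SSLv3, depending on the Apache/OpenSSL build)
    # Corrected: subtract SSLv3 so only TLS versions are negotiated.
    SSLProtocol all -SSLv3

    # The CA-signed certificate is installed on the proxy, not in Subsonic.
    SSLCertificateFile      /path/to/yourdomain.com.crt
    SSLCertificateKeyFile   /path/to/yourdomain.com.key
    # Intermediate chain, if your CA issues one.
    SSLCertificateChainFile /path/to/ca-chain.crt

    # Act as a reverse proxy only, never as an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:4040/
    ProxyPassReverse / http://127.0.0.1:4040/
</VirtualHost>
```

Subsonic's own https port (4000 in the first post) has to be turned off or firewalled, otherwise the SSL 3.0 endpoint stays reachable behind the proxy's back. Re-running the openssl s_client -ssl3 test from the first post against port 443 should then end in a handshake failure instead of a connection.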

