PROBLEM:
I want to block the WebApp from using SSLv3
SOLUTION:
Please note that the following settings may be incorporated into a future revision of Traverse.
To prevent the Traverse Web Application from using SSLv3 or any RC4 based ciphers, add the 'sslProtocol','protocols' and 'ciphers' values to the '<Connector port="443"' section of the file 'TRAVERSE_HOME\apps\tomcat\conf\server.xml as shown below:
<Connector port="443" minProcessors="20" maxProcessors="80" enableLookups="false" allowChunking="false" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" protocols="TLSv1.1,TLSv1.2" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" keystorePass="redacted" keystoreFile="/usr/local/traverse/etc/webapp.keystore" compression="off" debug="0" URIEncoding="UTF-8" />
Then save the changes and restart the Web Application.