2014-11-06

How to disable SSLv3 on WildFly 8.1

SSL 3 is dead.
Because of POODLE attacks, it is better security practice to disable SSLv3 and allow only TLS. To disable SSLv3 on WildFly 8.1, set the enabled-protocols attribute of the https-listener element in the undertow subsystem of the WildFly configuration file (e.g. standalone.xml) so that it lists only TLS versions:

<subsystem xmlns="urn:jboss:domain:undertow:1.1">
  <server name="default-server">
    <https-listener name="https" socket-binding="https" security-realm="SSLRealm" enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"/>
    <!-- other elements of the server stay unchanged -->
  </server>
</subsystem>

Possible values for the enabled-protocols attribute in WildFly 8.1 are:

  • SSLv3
  • TLSv1
  • TLSv1.1
  • TLSv1.2

Multiple values can be separated by commas, e.g.:
enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"
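
To check a configuration file for listeners that still allow SSLv3, the audit below parses the XML and classifies every Undertow https-listener by its enabled-protocols value. It is an added example, not part of the original post; the function name, the sample XML and the listener names "legacy" and "unset" are constructed for illustration, and flagging a listener without the attribute as needing review is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from a real server). In a full standalone.xml the
# undertow subsystem is nested deeper; iter() below finds it at any depth.
SAMPLE_XML = """<subsystem xmlns="urn:jboss:domain:undertow:1.1">
  <server name="default-server">
    <https-listener name="https" socket-binding="https" security-realm="SSLRealm" enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"/>
    <https-listener name="legacy" socket-binding="https-legacy" security-realm="SSLRealm" enabled-protocols="SSLv3, TLSv1"/>
    <https-listener name="unset" socket-binding="https-alt" security-realm="SSLRealm"/>
  </server>
</subsystem>"""

UNDERTOW_NS_PREFIX = "{urn:jboss:domain:undertow:"


def audit_https_listeners(xml_text):
    """Return (listener name, status) for every Undertow https-listener.

    status is one of:
      "ok"                - attribute set and SSLv3 not listed
      "sslv3-enabled"     - SSLv3 appears in enabled-protocols
      "protocols-not-set" - attribute missing or empty, so the listener
                            relies on defaults (assumption: needs review)
    """
    results = []
    for elem in ET.fromstring(xml_text).iter():
        # Tags look like "{urn:jboss:domain:undertow:1.1}https-listener";
        # accept any undertow schema version.
        if not (elem.tag.startswith(UNDERTOW_NS_PREFIX)
                and elem.tag.endswith("}https-listener")):
            continue
        raw = elem.get("enabled-protocols") or ""
        # Tolerate spaces and case differences around the comma-separated values.
        protocols = {p.strip().upper() for p in raw.split(",") if p.strip()}
        if not protocols:
            status = "protocols-not-set"
        elif "SSLV3" in protocols:
            status = "sslv3-enabled"
        else:
            status = "ok"
        results.append((elem.get("name"), status))
    return results


if __name__ == "__main__":
    for name, status in audit_https_listeners(SAMPLE_XML):
        print(f"{name}: {status}")
```

To audit a real file, pass its contents to audit_https_listeners() instead of SAMPLE_XML.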