Securing Bitbucket Server (using Tomcat) against POODLE by Disabling SSLv3

Purpose

Disable SSLv3 in Bitbucket Server instances that use a Tomcat container, in order to secure them against the POODLE exploit.

How To

Bitbucket Server version 5.+

  1. Stop Bitbucket Server
  2. Edit <Bitbucket home directory>/shared/bitbucket.properties

  3. Add the following properties to the file:

    server.ssl.enabled=true
    server.ssl.enabled-protocols=TLSv1.2,TLSv1.1,TLSv1
  4. Start Bitbucket Server


Bitbucket Server up to version 4.x

  1. Stop Bitbucket Server
  2. Edit <Bitbucket Home Directory>/shared/server.xml
    You'll see a connector like the one below. Please note that these are default values; yours may look different.

    server.xml
    <Connector port="8443"
      maxHttpHeaderSize="8192"
      SSLEnabled="true"
      maxThreads="150"
      minSpareThreads="25"
      maxSpareThreads="75"
      enableLookups="false"
      disableUploadTimeout="true"
      useBodyEncodingForURI="true"
      acceptCount="100"
      scheme="https"
      secure="true"
      clientAuth="false"
      sslProtocol="TLS" />
  3. Add the following to the connector:

    SSLEnabled="true"
    sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
  4. Start Bitbucket Server
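
Before restarting, the edited file can be checked offline. The script below is an added example, not part of the original article or of Bitbucket Server: it flags SSL-enabled connectors in server.xml and SSL settings in bitbucket.properties whose protocol list is missing or still names an SSL protocol. The function names and sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Legacy protocol names that the article's list (TLSv1.2,TLSv1.1,TLSv1) leaves out.
LEGACY = {"SSLV2", "SSLV2HELLO", "SSLV3"}

def check_protocols(value, setting):
    """Return a finding string for one protocol list, or None if it is clean."""
    if value is None:
        return setting + " not set (JVM default protocols apply)"
    bad = [p.strip() for p in value.split(",") if p.strip().upper() in LEGACY]
    return setting + " enables " + ",".join(bad) if bad else None

def audit_server_xml(xml_text):
    """Bitbucket Server up to 4.x: check every SSL-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check
        problem = check_protocols(conn.get("sslEnabledProtocols"),
                                  "sslEnabledProtocols")
        if problem:
            findings.append("port " + conn.get("port", "?") + ": " + problem)
    return findings

def audit_properties(text):
    """Bitbucket Server 5.+: check bitbucket.properties (key=value lines only)."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):  # skip comment lines
            props[key.strip()] = value.strip()
    if props.get("server.ssl.enabled", "false").lower() != "true":
        return []  # SSL is not terminated by Bitbucket itself
    problem = check_protocols(props.get("server.ssl.enabled-protocols"),
                              "server.ssl.enabled-protocols")
    return [problem] if problem else []

# Constructed sample inputs (not taken from a real installation).
DEFAULT_XML = ('<Server><Service><Connector port="8443" SSLEnabled="true" '
               'scheme="https" secure="true" sslProtocol="TLS" /></Service></Server>')
FIXED_XML = DEFAULT_XML.replace(
    'sslProtocol="TLS"',
    'sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"')
FIXED_PROPS = "server.ssl.enabled=true\nserver.ssl.enabled-protocols=TLSv1.2,TLSv1.1,TLSv1\n"
WEAK_PROPS = "server.ssl.enabled=true\nserver.ssl.enabled-protocols=TLSv1.2,SSLv3\n"

if __name__ == "__main__":
    print("default server.xml:", audit_server_xml(DEFAULT_XML) or "OK")
    print("fixed server.xml:  ", audit_server_xml(FIXED_XML) or "OK")
    print("fixed properties:  ", audit_properties(FIXED_PROPS) or "OK")
    print("weak properties:   ", audit_properties(WEAK_PROPS) or "OK")
```

An empty result means every SSL-enabled entry carries an explicit protocol list without SSLv2, SSLv2Hello or SSLv3.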

 

Last modified on May 2, 2017
