Does someone know how to deactivate SSLv3? Does someone know if DW supports SSLv3 or how I can check what is supported by DW 0.7.1?
Dropwizard is using Jetty for the HTTP connection handling so it is possible to configure Dropwizard to use SSLv3 for the HTTPS traffic. Use the propertysupportedProtocols. By default there is no preferred security protocol so it will use whatever the underlying JDK is supporting.
In the dropwizard configuration you need to add the following if you want TLSv1.2 connections only:
server:
applicationConnectors:
- type: https
port: 8443
....
supportedProtocols: TLSv1.2