wso2esb - WSO2 ESB 4.0.3 - How to specify sslProtocol parameter for transport listner HttpCoreNIOSSLListener -

we working on mac osx 10.8.4 java 6 - 64 bit. working on wso2 4.0.3 esb. have enabled ssl esb cluster have deployed.

our uat going on , information security of our company has raised issue saying "ssl server supports weak encryption vulnerability". using httpcoreniossllistener transport listner.

they said typically in tomcat have change server.xml add following parameter connector

sslprotocol="sslv3"  ciphers="ssl_rsa_with_rc4_128_md5,ssl_rsa_with_rc4_128_sha,ssl_dhe_rsa_with_3des_ede_cbc_sha" 

since wso2 esb 4.0.3 there no server.xml embedded tomcat far understand, how can make sure data services deployed esb uses sslv3 protocol ssl communication , among above ciphers?

i appreciate quick response. whole wso2 evaluation solution depends upon passing information security review. looking @ os know big company working for.

thanks in anticipation. abhijit

wso2 esb 4.0.3 comes nhttp transport default , should able change transport in axis2 xml use https servlet transport.

https servlet transport has required parameters need based on apache tomcat's connector implementation.

i need check whether same parameters can used nhttp. i.e. without changing transports.

afaik, not recommended

1. change default transports in esb (if need high performance).
2. deploy services within esb.

you should able use wso2 dss, has servlet connectors default.

any particular reason using wso2 esb 4.0.3. it's recommended use latest version wso2 esb 4.7.0.