[ https://issues.apache.org/jira/browse/OFBIZ-5881?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14216058#comment-14216058 ]
Jacques Le Roux commented on OFBIZ-5881:
----------------------------------------
Here is an nmap result
{code}
# Nmap 6.47 scan initiated Tue Nov 18 11:25:50 2014 as: nmap.exe -p 8443 --unprivileged -Pn --script ssl-enum-ciphers -oN poodle_443 10.0.1.12
Nmap scan report for 10.0.1.12
Host is up (0.10s latency).
PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|   TLSv1.1:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|_  least strength: strong
# Nmap done at Tue Nov 18 11:25:58 2014 -- 1 IP address (1 host up) scanned in 8.62 seconds
{code}
> Update embedded Tomcat to 7.0.57
> --------------------------------
>
> Key: OFBIZ-5881
> URL: https://issues.apache.org/jira/browse/OFBIZ-5881
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Minor
> Fix For: Upcoming Branch
>
>
> See http://tomcat.apache.org/tomcat-7.0-doc/changelog.html for details
> Notably related to OFBIZ-5848 (Poodle) changes in Coyote:
> * Add support for TLSv1.1 and TLSv1.2 for APR connector. Based upon a patch
> by Marcel Šebek. This feature requires Tomcat Native library 1.1.32 or later.
> (schultz/jfclere)
> * Disable SSLv3 by default for JSSE based HTTPS connectors (BIO and NIO).
> The change also ensures that SSLv2 is disabled for these connectors although
> SSLv2 should already be disabled by default by the JRE. (markt)
> * Disable SSLv3 by default for the APR/native HTTPS connector. (markt)
> I will test later if we can get rid of forcing TLSv2 in OFBiz
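An added example, not part of the original JIRA message: a small parser for `ssl-enum-ciphers` reports like the one above that answers the Poodle-related question (is SSLv3 still offered?) and lists legacy suites independently of the script's own rating, which in this report labels every suite "strong". The `LEGACY` token list is an assumed local policy, and the sample report is constructed from the format shown in the comment.

```python
import re

# Constructed sample: abridged from the report format quoted in the comment.
SAMPLE = """\
8443/tcp open  https-alt
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_RC4_128_MD5 - strong
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong
|     compressors:
|       NULL
|_  least strength: strong
"""

# Both patterns tolerate collapsed indentation (as in mail-wrapped reports).
PROTO = re.compile(r"^\|[_ ]\s*((?:SSLv|TLSv)[\d.]+):\s*$")
CIPHER = re.compile(r"^\|[_ ]\s*((?:TLS|SSL)_\w+) - (\w+)\s*$")
# Assumed local policy, not nmap's rating: suite-name tokens to flag.
LEGACY = ("RC4", "3DES", "MD5", "NULL", "EXPORT")

def parse(report):
    """Return {protocol: [(suite, nmap_rating), ...]} from ssl-enum-ciphers text."""
    result, current = {}, None
    for line in report.splitlines():
        m = PROTO.match(line)
        if m:
            current = m.group(1)
            result[current] = []
            continue
        m = CIPHER.match(line)
        if m and current:
            result[current].append((m.group(1), m.group(2)))
    return result

def audit(report):
    """Report whether SSLv3 is offered and which suites match LEGACY."""
    parsed = parse(report)
    legacy = sorted({s for suites in parsed.values() for s, _ in suites
                     if any(tok in s.split("_") for tok in LEGACY)})
    return {"sslv3_offered": "SSLv3" in parsed,
            "protocols": sorted(parsed), "legacy_suites": legacy}
```

Feed `audit()` the text of a file written with `-oN`; it returns a dict, so the result can be asserted on in a build or deployment check.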