svn commit: r1799412 - in /tomcat/trunk/webapps/docs: changelog.xml config/http.xml

Wed, 21 Jun 2017 02:24:56 -0700 

Author: markt
Date: Wed Jun 21 09:24:41 2017
New Revision: 1799412

URL: http://svn.apache.org/viewvc?rev=1799412&view=rev
Log:
SSLv2 and SSLv3 are hard-coded coded to be disabled.

Modified:
    tomcat/trunk/webapps/docs/changelog.xml
    tomcat/trunk/webapps/docs/config/http.xml

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1799412&r1=1799411&r2=1799412&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Jun 21 09:24:41 2017
@@ -222,6 +222,10 @@
         and/or stack traces on web application stop and/or start when running
         under a security manager. (markt)
       </fix>
+      <fix>
+        Correct the TLS configuration documentation to remove SSLv2 and SSLv3
+        from the list of supported protocols. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">

Modified: tomcat/trunk/webapps/docs/config/http.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1799412&r1=1799411&r2=1799412&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Wed Jun 21 09:24:41 2017
@@ -1230,8 +1230,8 @@
       <p>The names of the protocols to support when communicating with clients.
       This should be a list of any combination of the following:
       </p>
-      <ul><li>SSLv2Hello</li><li>SSLv2</li><li>SSLv3</li><li>TLSv1</li>
-          <li>TLSv1.1</li><li>TLSv1.2</li><li>all</li></ul>
+      <ul><li>SSLv2Hello</li><li>TLSv1</li><li>TLSv1.1</li><li>TLSv1.2</li>
+          <li>all</li></ul>
       <p>Each token in the list can be prefixed with a plus sign ("+")
       or a minus sign ("-"). A plus sign adds the protocol, a minus sign
       removes it form the current list. The list is built starting from



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to