Team,

I can see this "SSLv2" setting impacting the Tomcat community.  If someone
explicitly sets SSLv2 in the sslEnabledProtocols setting, their Tomcat SSL
connector will not work properly.  The error does not occur on *startup*,
but occurs when a user tries to access the SSL connector.

-Andrew


On Mon, Nov 17, 2014 at 2:26 PM, Andrew Carr <andrewlanec...@gmail.com>
wrote:

> +1 stable << for me
>
> However, and I don't know if this is a game changer, I am having a problem
> when implementing SSL using the NIOConnector, although the problem does
> not look like a Tomcat source problem.   I did verify that disabling SSLv3
> does indeed prevent a client from connecting to the server with SSLv3
> protocol, however, when setting it to SSLv2 I am receiving an Illegal Arg
> exception...  Looks like this would be on the Java side, should I log it?
> SSLv2 is a valid option according to the Java documentation.
>
> Nov 17, 2014 2:19:35 PM org.apache.tomcat.util.net.NioEndpoint setSocketOptions
> SEVERE:
> java.lang.IllegalArgumentException: SSLv2
>         at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:164)
>
> Based on this though I think I should log the error with Oracle?  I was
> using JDK 7, and I based "SSLv2" being valid from the protocol list here:
> https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames
>
> -Andrew
>
>
> Full Exception:
> Nov 17, 2014 2:20:42 PM org.apache.tomcat.util.net.NioEndpoint setSocketOptions
> SEVERE:
> java.lang.IllegalArgumentException: SSLv2
>         at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:164)
>         at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
>         at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
>         at sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2023)
>         at org.apache.tomcat.util.net.NioEndpoint.createSSLEngine(NioEndpoint.java:1144)
>         at org.apache.tomcat.util.net.NioEndpoint.setSocketOptions(NioEndpoint.java:1097)
>         at org.apache.tomcat.util.net.NioEndpoint$Acceptor.run(NioEndpoint.java:1322)
>         at java.lang.Thread.run(Thread.java:745)
>
> Nov 17, 2014 2:20:42 PM org.apache.tomcat.util.net.NioEndpoint setSocketOptions
> SEVERE:
> java.lang.IllegalArgumentException: SSLv2
>
>
>
> On Mon, Nov 17, 2014 at 5:39 AM, Violeta Georgieva <miles...@gmail.com>
> wrote:
>
>> +1 stable
>>
>> Regards,
>> Violeta
>>
>> On Friday, 14 November 2014, Mark Thomas <ma...@apache.org> wrote:
>>
>> > The proposed Apache Tomcat 6.0.43 release is now available for voting.
>> >
>> > The key changes since 6.0.41 are:
>> >
>> > - Disable SSLv3 by default in light of the recently announced POODLE
>> >   vulnerability. (CVE-2014-3566)
>> >
>> > - Update to Tomcat Native Library version 1.1.32 to pick up the Windows
>> >   binaries that are based on OpenSSL 1.0.1j and APR 1.5.1.
>> >
>> > - Various fixes to EL parsing when EL is used in a JSP.
>> >
>> >
>> > It can be obtained from:
>> > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-6/v6.0.43/
>> >
>> > The Maven staging repo is:
>> >
>> > https://repository.apache.org/content/repositories/orgapachetomcat-1027/
>> > The svn tag is:
>> > http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_43/
>> >
>> > The proposed 6.0.43 release is:
>> > [ ] Broken - do not release
>> > [ ] Stable - go ahead and release as 6.0.43 Stable
>> >
>> >
>> >
>>
>
>
>
> --
> With Regards,
> Andrew Carr
>
> e. andrewlanec...@gmail.com
> w. andrew.c...@openlogic.com
> h. 4235255668
> c. 4239489852
> a. 101 Francis Drive, Greeneville, TN, 37743
>



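
Added example, not part of the thread and not Tomcat code: a startup-time check of an sslEnabledProtocols-style value against the protocol names the JVM's JSSE engine reports as supported, so a name such as SSLv2 is caught before the first connection. The class name `ProtocolListCheck`, the method `unsupported` and the sample values are hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Hypothetical helper, not Tomcat code: checks a comma-separated protocol list
// (the format of sslEnabledProtocols) against what this JVM's JSSE supports.
public class ProtocolListCheck {

    // Returns the configured names that the JSSE engine does not support.
    static List<String> unsupported(String configured) throws NoSuchAlgorithmException {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        Set<String> supported =
                new LinkedHashSet<String>(Arrays.asList(engine.getSupportedProtocols()));
        List<String> bad = new ArrayList<String>();
        for (String name : configured.split(",")) {
            String trimmed = name.trim();
            if (!trimmed.isEmpty() && !supported.contains(trimmed)) {
                bad.add(trimmed);
            }
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; the first mirrors the setting from the thread.
        String[] samples = { "SSLv2", "TLSv1,SSLv2", "TLSv1" };
        for (String value : samples) {
            List<String> bad = unsupported(value);
            System.out.println(value + " -> " + (bad.isEmpty() ? "ok" : "unsupported: " + bad));
        }
        // The engine rejects an unsupported name only when the list is applied,
        // which in the quoted trace happens per accepted connection.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        try {
            engine.setEnabledProtocols(new String[] { "SSLv2" });
        } catch (IllegalArgumentException e) {
            System.out.println("setEnabledProtocols rejected: " + e.getMessage());
        }
    }
}
```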
