Andrew, On 11/17/14 2:26 PM, Andrew Carr wrote: > +1 stable << for me > > However, and I don't know if this is a game changer, I am having a problem > when implementing SSL using the NIOConnector, althought the problem does > not look like a Tomcat source problem. I did verify that disabling SSLv3 > does indeed prevent a client from connecting to the server with SSLv3 > protocol, however, when setting it to SSLv2 I am receiving an Illegal Arg > exception... Looks like this would be on the Java side, should I log it? > SSLv2 is a valid option according to the Java documnetation. > > Nov 17, 2014 2:19:35 PM org.apache.tomcat.util.net.NioEndpoint > setSocketOptions > SEVERE: > java.lang.IllegalArgumentException: SSLv2 > at > sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:164)
Please provide the remainder of the stack trace next time. > Based on this though I think I should log the error with Oracle? I was > using JDK 7, and I based "SSLv2" being valid from the protocol list here: > https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames Note that, like polio, SSLv2 has been wiped from the face of the planet. This is not an error. This will not impact anyone of consequence. You may be looking for "SSLv2Hello". -chirs
signature.asc
Description: OpenPGP digital signature
