2014-11-17 22:26 GMT+03:00 Andrew Carr <andrewlanec...@gmail.com>: > +1 stable << for me > > However, and I don't know if this is a game changer, I am having a problem > when implementing SSL using the NIOConnector, althought the problem does > not look like a Tomcat source problem. I did verify that disabling SSLv3 > does indeed prevent a client from connecting to the server with SSLv3 > protocol, however, when setting it to SSLv2 I am receiving an Illegal Arg > exception... Looks like this would be on the Java side, should I log it? > SSLv2 is a valid option according to the Java documnetation. > > Nov 17, 2014 2:19:35 PM org.apache.tomcat.util.net.NioEndpoint > setSocketOptions > SEVERE: > java.lang.IllegalArgumentException: SSLv2 > at > sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:164) > > Based on this though I think I should log the error with Oracle? I was > using JDK 7, and I based "SSLv2" being valid from the protocol list here: > https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames > > -Andrew > > > Full Exception: > Nov 17, 2014 2:20:42 PM org.apache.tomcat.util.net.NioEndpoint > setSocketOptions > SEVERE: > java.lang.IllegalArgumentException: SSLv2 > at > sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:164) > at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84) > at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
I think that is just Sun/Oracle's way to remove support for SSLv2. There is nothing that Tomcat devs can do about. That "standard names" page is just a general reference. Specific JRE vendors may implement a subset/superset of it. E.g. if you follow "Note: The Sun Provider Documentation contains specific provider and algorithm information." link at the top of the page, you come here: https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html and there is no SSLv2 on that second page. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
