Hi, Is this about the POODLE SSLv3 vulnerability? OK, I will disable SSL in the next version to make the port scanner happy (only support TLS).
But the H2 Console uses a hardcoded, self-signed certificate. I will not change this, unless somebody sends a patch. So if you really want to use secure connections with the H2 Console, then please note "man in the middle" attacks are still possible, unless you are careful. Regards, Thomas On Wed, Oct 29, 2014 at 8:40 PM, Kevin Wu <[email protected] <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote: > This post has NOT been accepted by the mailing list yet. > I have question regarding to H2 web console issue, my H2 web console port > got scan and complain the vulnerabilities weak/medium ciphers support by > web console. > > I understand H2 is under tomcat but there is no server.xml and httpd to > update the accept ciphers, does anyone know how to config those accept > ciphers perhaps in wrapper.conf? > > thank you > kdyj > > -- > You received this message because you are subscribed to the Google Groups > "H2 Database" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <javascript:_e(%7B%7D,'cvml','h2-database%[email protected]');> > . > To post to this group, send email to [email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>. > Visit this group at http://groups.google.com/group/h2-database. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/h2-database. For more options, visit https://groups.google.com/d/optout.
