gards,
--
Carlos.
From: Aaron Eidt [mailto:aei...@uwo.ca]
Sent: Monday, 20 October, 2014 11:50
To: cas-user@lists.jasig.org
Subject: [cas-user] CAS 3.5.2 and CVE-2014-3566, POODLE
I've attempted to change tomcat config to disable SSLv3 and when I do I get the following
exception trying
>>>> only affect the CAS client.
>>>>
>>>> I have upgraded to JDK 7u72 and added
>>>> –Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 to the JVM command line, but still
>>>> get the same error message. My guess is that the limited set of ciphers
>>>
led in
>>> the JVM. I’m still looking at what values the https.cipherSuites system
>>> property accepts in order to configure it accordingly.
>>>
>>> Best regards,
>>> --
>>> Carlos.
>>>
>>> From: Aaron Eidt [mailto:aei..
> java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: Received
> fatal alert: handshake_failure
> org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:341)
> org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
Please perform an SSL
r, 2014 12:22
> *To:* cas-user@lists.jasig.org
> *Subject:* Re: [cas-user] CAS 3.5.2 and CVE-2014-3566, POODLE
>
> A quick way to check what might be available on your load balancer is
> to run it through something like [https://www.ssllabs.com/ssltest/].
> After the test, you sho
t;> Best regards,
>> --
>> Carlos.
>> *From:*Aaron Eidt [mailto:aei...@uwo.ca]
>> *Sent:*Monday, 20 October, 2014 11:50
>> *To:*cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org>
>> *Subject:*[cas-user] CAS 3.5.2 and CVE-2014-3566, POODLE
>>
&g
guess is that the limited set of ciphers
>>> supported by the load balancer doesn’t match the default ciphers enabled in
>>> the JVM. I’m still looking at what values the https.cipherSuites system
>>> property accepts in order to configure it accordingly.
>>
, 20 October, 2014 12:22
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] CAS 3.5.2 and CVE-2014-3566, POODLE
A quick way to check what might be available on your load balancer is to
run it through something like [https://www.ssllabs.com/ssltest/]. After
the test, you should see what protocols
onday, 20 October, 2014 11:50
> To: cas-user@lists.jasig.org
> Subject: [cas-user] CAS 3.5.2 and CVE-2014-3566, POODLE
>
> I've attempted to change tomcat config to disable SSLv3 and when I do I get
> the following exception trying to login to CAS service management (not
&
hat values the
>> https.cipherSuites system property accepts in order to configure it
>> accordingly.
>> Best regards,
>> --
>> Carlos.
>> *From:*Aaron Eidt [mailto:aei...@uwo.ca]
>> *Sent:*Monday, 20 October, 2014 11:50
>> *To:*cas-user@lists.jasig.org
still looking at what values the
> https.cipherSuites system property accepts in order to configure it
> accordingly.
>
> Best regards,
> --
> Carlos.
>
> From: Aaron Eidt [mailto:aei...@uwo.ca]
> Sent: Monday, 20 October, 2014 11:50
> To: cas-user@lists.jasig.org
> Subject: [
For help troubleshooting all sorts of SSL problems in a JVM, check out
[https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https].
A quick thing to try to fix this would be to add `-Dhttps.protocols=TLSv1`
when starting Tomcat (usually added to setenv.sh).
-Jj
On Oct 20,
tes system
property accepts in order to configure it accordingly.
Best regards,
--
Carlos.
From: Aaron Eidt [mailto:aei...@uwo.ca]
Sent: Monday, 20 October, 2014 11:50
To: cas-user@lists.jasig.org
Subject: [cas-user] CAS 3.5.2 and CVE-2014-3566, POODLE
I've attempted to change t
I've attempted to change tomcat config to disable SSLv3 and when I do I
get the following exception trying to login to CAS service management
(not immediately, after a few minutes and sometimes after updated the
second host). Adding sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to SSL
connector h
14 matches
Mail list logo