Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

2014-10-15 Thread John Blaut
Hi Following the recent announcement of the SSLv3 POODLE vulnerability (CVE-2014-3566), when disabling SSLv3 on Tomcat APR/Native using the following configuration: SSLProtocol="TLSv1", it seems that the effect is that besides the SSLv3 protocol even the TLSv1.1 and TLSv1.2 protocols no longer re

Re: Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

2014-10-15 Thread Giles Coochey
On 15/10/2014 13:42, John Blaut wrote: Hi Following the recent announcement of the SSLv3 POODLE vulnerability (CVE-2014-3566), when disabling SSLv3 on Tomcat APR/Native using the following configuration: SSLProtocol="TLSv1", it seems that the effect is that besides the SSLv3 protocol even the TL

Re: Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

2014-10-15 Thread James Drews
That isn't working for tomcat 6, it will only accept TLSv1 for the SSLProtocol entry, and that results in using TLS1.0 only. On 10/15/2014 7:48 AM, Giles Coochey wrote: On 15/10/2014 13:42, John Blaut wrote: Hi Following the recent announcement of the SSLv3 POODLE vulnerability (CVE-2014-3

Re: Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

2014-10-15 Thread John Blaut
Thanks for your reply. Kindly note that for SSL on Tomcat, I do not use the standard JSSE SSL but OpenSSL via APR/native. According to the documentation, the SSL protocols can be configured in this manner for APR/native: "SSLProtocol: Protocol which may be used for communicating with clients. T

Re: Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

2014-10-15 Thread John Blaut
I am using Tomcat 7. I can reproduce the issue even on Native 1.1.30. On Wed, Oct 15, 2014 at 3:00 PM, James Drews wrote: > That isn't working for tomcat 6, it will only accept TLSv1 for the > SSLProtocol entry, and that results in using TLS1.0 only. > > > On 10/15/2014 7:48 AM, Giles Cooche

Re: Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

2014-10-15 Thread Giles Coochey
On 15/10/2014 14:03, John Blaut wrote: I am using Tomcat 7. I can reproduce the issue even on Native 1.1.30. Apologies, yes Apr/Native only supports SSLv2, SSLv3 & TLSv1.0 |SSLProtocol| Protocol which may be used for communicating with clients. The default value is |all|, which is equiva

Re: Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

2014-10-15 Thread John Blaut
When SSLv3 is enabled, it seems TLS1.1 and TLS 1.2 are supported however. It seems strange that the SSLv3 option controls the availability of TLS1.1 and TLS1.2. Now that SSLv3 is considered insecure and more people start to disable it, I suppose many on APR/Native will encounter the same issue. Is

Re: Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

2014-10-15 Thread Mark Eggers
John, > On Wednesday, October 15, 2014 6:20 AM, John Blaut > wrote: > > When SSLv3 is enabled, it seems TLS1.1 and TLS 1.2 are supported however. > It seems strange that the SSLv3 option controls the availability of TLS1.1 > and TLS1.2. > > Now that SSLv3 is considered insecure and more people

RE: Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

2014-10-16 Thread Jeffrey Janner
> -----Original Message----- > From: Mark Eggers [mailto:its_toas...@yahoo.com.INVALID] > Sent: Wednesday, October 15, 2014 11:57 AM > To: Tomcat Users List > Subject: Re: Disabling SSLv3 with Tomcat ARP/Native but still retaining > support for TLS 1.1 and TLS 1.2 >

Re: Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

2014-10-16 Thread Mark Eggers
Disabling >> SSLv3 with Tomcat ARP/Native but still retaining support for TLS >> 1.1 and TLS 1.2 >> >> John, >> >> >>> On Wednesday, October 15, 2014 6:20 AM, John Blaut >> wrote: >>>> When SSLv3 is enabled, it seems TLS1.1 and TLS 1.2

RE: Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

2014-10-16 Thread Jeffrey Janner
Thursday, October 16, 2014 11:30 AM > To: Tomcat Users List > Subject: Re: Disabling SSLv3 with Tomcat ARP/Native but still retaining > support for TLS 1.1 and TLS 1.2 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 10/16/2014 9:17 AM, Jeffrey Janner wrote: