Utkarsh,
On 2/21/16 11:02 AM, Utkarsh Dave wrote:
> Thanks Chris for the response.
> Yes, I meant SSLv2Hello. I understand the vulnerabilities in SSL. Though
> some of the client need that flexibility in older versions, so was digging
> the reason it was working in prior version of Tomcat.
> Can y
Thanks Chris for the response.
Yes, I meant SSLv2Hello. I understand the vulnerabilities in SSL. Though
some of the client need that flexibility in older versions, so was digging
the reason it was working in prior version of Tomcat.
Can you help me in identifying any change in Tomcat due to which S
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Utkarsh,
On 2/19/16 7:05 AM, Utkarsh Dave wrote:
> I upgraded my tomcat from 7.0.53 ( that was having SSL protocols
> enable) to 7.0.67 (that has by default SSL protocols disable).
>
> To re enable support for SSLv3 and SSLv2, i modified the server.x
Hello,
there are many reasons not to use SSLv2 and this is why JDK6 doesn't
support it. If you're really talking about SSLv2 and not SSLv2
Client-Hello, so you need to use the IBM JSSE implementation. But, I am
unsure that you need this.
best regards
2016-02-19 13:05 GMT+01:00 Utkarsh Dave :
I upgraded my tomcat from 7.0.53 ( that was having SSL protocols enable) to
7.0.67 (that has by default SSL protocols disable).
To re enable support for SSLv3 and SSLv2, i modified the server.xml inside
$TOMCAT_HOME/conf to replace sslProtocol="TLS" with
sslEnabledProtocols="SSLv2,SSLv3,TLSv1"
I