Any clues on this? I cant seem to figure it out
Cheers
Stuart
-Original Message-
From: Stuart Fox [mailto:[EMAIL PROTECTED]
Sent: 25 July 2006 16:12
To: 'Tomcat Users List'
Subject: RE: Some tomcat config questions
ciphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA
ciphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
You need 4.1.32 for the ciphers parameter to take effect.
Worked a treat, cheers.
Second it says I have UserDir enabled (like apache mod_userdir I assume) but
again I cant find a way to disable it
Hi
First post so be kind :)
I've just run a nessus scan against one of our servers running tomcat 4.1.30
standalone on linux and its highlighed a few problems that I cant find config
options for.
First off is weak ssl ciphers, I've currently got
protocol=SSLv3
Stuart Fox wrote:
ciphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
You need 4.1.32 for the ciphers parameter to take effect.
Second it says I have UserDir enabled (like apache mod_userdir I assume) but
again I cant find a way to disable it
Remove
Third if I telnet to port 80 and issue GET / HTTP/1.0 the Location header
contain the local ip address not the public one, It's sat behind a firewall.
I tried the server=external ip in each connector but I still get the internal
ip address returned, any way to fix it?
If you want to bind