Sorry for the OTness, but I'm in a wee bit of a bind here so I
was hoping somebody here would be able to help me out.
I have a web application that used tapestry inside of tomcat to
host certain protected HTTPS pages. I properly set up a certificate, the
security constraints, etc. The relevant pages do, in fact, pop up under
HTTPS. All is well, at least most of the time though.
I have some users though who, for reasons known only to
themselves, are using IE and have turned off SSL 2.0 and SSL 3.0 support.
This, in turn means that all my secure pages fail to load and they complain
the app is "broken". This, in turn, has led me to assume that the way I have
things configured, Tomcat must be using SSL 3.0 even though I don't recall
explicitly choosing an SSL version when I configured this thing.
So, my question is twofold:
1) How do I tell Tomcat to use SSL 1.0?
2) Is there a way for me to detect an SSL version mismatch and
redirect the user to a page that says "turn on SSL 3.0 please" as opposed to
just hitting him with a "page cannot be found".
Basically I'm stumped here; any help would be appreciated.
--- Pat
