On Fri, Oct 17, 2014 at 1:49 PM, Matthew Hughes <[email protected]> wrote:
> Many SSL clients, notably JDK 6, use the SSLv2Hello protocol to handshake > with the server. Using this protocol does *not* mean you are using SSL 2.0 > or 3.0 for that matter; it is merely a handshake to determine *which* > protocol to use. [http://tools.ietf.org/html/rfc5246#appendix-E.2] > > However, in Apache, if you disable SSLv3 support, this apparently removes > support for the SSLv2Hello protocol. Apache Tomcat has explicit support > for SSLv2Hello; that is, you can enable that, but not enable SSLv3. > > Is there any way to do this in Apache? > not at the present time; this is being discussed currently on the dev@httpd mailing list --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Born in Roswell... married an alien... http://emptyhammock.com/
