I have a Tomcat 5.5.12 install that is working well (it is a stand-alone install under Windows 2003 server). I was given a request to make this install fully FIPS 140-2 compliant, specifically requiring that Tomcat not allow SSL 3.0 protocol connections (TLS only). My config specifies sslProtocol="TLS" and everything works fine in terms of defaulting to TLS, but the default behavior here is to allow SSL 3.0 as well (that is part of the connection negotiation process, I suppose).
Is there a way to disallow the SSL 3.0 protocol? Thanks, Jeff Krug --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
