Re: Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

Wed, 15 Oct 2014 06:10:21 -0700 

On 15/10/2014 14:03, John Blaut wrote:

I am using Tomcat 7. I can reproduce the issue even on Native 1.1.30.



Apologies, yes Apr/Native only supports SSLv2, SSLv3 & TLSv1.0

|SSLProtocol|
Protocol which may be used for communicating with clients. The default value is |all|, which is equivalent to |SSLv3+TLSv1| with other acceptable values being |SSLv2|, |SSLv3|, |TLSv1| and any combination of the three protocols concatenated with a plus sign. Note that the protocol |SSLv2| is inherently unsafe. 


http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to