-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Deepak,
On 10/17/14 11:58 AM, dku...@ccilindia.co.in wrote: > Below is my configuration in server.xml file of tomcat 7.0.22. Upgrade. > <Connector className > ="org.apache.catalina.connector.http.HttpConnector" No such class exists. Which connector are you actually using? A Java connector or the native connector? > port="443" maxHttpHeaderSize="8192" maxThreads="150" > minSpareThreads="25" enableLookups="false" > disableUploadTimeout="true" acceptCount="100" scheme="https" > secure="true" clientAuth="false" sslProtocol="TLS" Use of "sslProtocol" indicates that you are using a Java connector. > SSLEnabled="true" allowUnsafeLegacyRenegotiation="false" > > ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA" Use > of "ciphers" indicates that you are using a Java connector. Please see the documentation for the HTTP connector: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html The "sslProtocol" attribute is documented to use JVM-defined strings. You will need to see what protocols are supported by your JVM. > keystoreFile="*******" keystorePass="***" server=" "> <Factory > className="org.apache.catalina.net.SSLServerSocketFactory" > clientAuth="false" protocol="TLS"/> Why are you configuring an SSLServerSocketFactory here? I don't believe that is even a valid configuration. > </Connector> > > I tried with below changes. 1. sslProtocol changed to SSLProtocol sslProtocol is for Java connectors while SSLProtocol is for the native connector. > 2. Removed SSL_RSA_WITH_3DES_EDE_CBC_SHA cipher from ciphers This configures a single cipher and not a protocol. > 3. sslProtocol ="TLS" changed to sslProtocol ="TLSv1" > > But still unable to disable SSL v3 Did you restart? What were the results? How did you test? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUQUnZAAoJEBzwKT+lPKRYgmYP/3PG61mtnazM/ghZNYV/u0zo CCvWlNaYWjrIEg25o/IvOTnTOhKmyfOkYnJ/9CrTtA8qrrhOnPZQl5wSfYpHWRVS rpIbMy3IuPRqRhugDCmwFeGWZW2PtHagSPj+M8BrYjnthVlHcxDJil5qvDtf+DVu 2iH5VWODtBGHvouQ4OSm/R+1dzmwcgeQrQuTRuhTxfw0+Li+aKG9uAzULECZhwac rI7ziFGNTRXYneSNjRd8HA9zcG0onHJu9iQadBHyjeX1tMiC3zQqvQGgml9djAGL Nv6kyIAQrgwr2Ru79ONWUz3KGllDQMoBrgHHNJHLx0KrFNl9/NfdMOT/+L70YpEB XPnRfVIadmSfNU2bqlpQu6aaU/B5aQhL4LErcgK5njhF2GT7Ed95MYihYDh3BYnR vtv0Ccx6Sa2Mv8ZKm4evo30Epv9SMp4Y2Y+G+Hws78zJoCbVVa8W9juLolQ3iJhT 5w93x+AaXIDGkqr5xBKqEFCUirAIJZNyNmAh/ponTTPyPZS7uJ7Iqnu+So0WTqyt UwNurdQ1cdGqfdaIlS1S/sam0oxEF4UQ0X5CCEQjnbj8DeMBRgiFd35qhQvhTJpH A92dI9NyHpLVYTf39D7VEu3KbNPr5f1t1ClUaRrmKRzPj9FbS+TSYP+7bp01CcNr x0CXTAdCXQlq3P9eon3h =JTST -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
