Dear Chris

Thanks for your reply.

How can I know which protocols my JVM supports? We are using java1.7.0_40.

I have tested with https://www.ssllabs.com/ssltest/index.html
Please let us know if there is any turnaround in my server.xml configuration to disable SSL v3.

Thanks and Regards
Deepak

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Deepak,

On 10/17/14 11:58 AM, dku...@ccilindia.co.in wrote:
> Below is my configuration in server.xml file of tomcat 7.0.22.

Upgrade.

> <Connector className
> ="org.apache.catalina.connector.http.HttpConnector"

No such class exists. Which connector are you actually using? A Java
connector or the native connector?

> port="443" maxHttpHeaderSize="8192" maxThreads="150"
> minSpareThreads="25" enableLookups="false"
> disableUploadTimeout="true" acceptCount="100" scheme="https"
> secure="true" clientAuth="false" sslProtocol="TLS"

Use of "sslProtocol" indicates that you are using a Java connector.

> SSLEnabled="true" allowUnsafeLegacyRenegotiation="false"
>
> ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA"

Use of "ciphers" indicates that you are using a Java connector.

Please see the documentation for the HTTP connector:
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html

The "sslProtocol" attribute is documented to use JVM-defined strings.
You will need to see what protocols are supported by your JVM.

> keystoreFile="*******" keystorePass="***" server=" "> <Factory
> className="org.apache.catalina.net.SSLServerSocketFactory"
> clientAuth="false" protocol="TLS"/>

Why are you configuring an SSLServerSocketFactory here? I don't
believe that is even a valid configuration.

> </Connector>
>
> I tried with below changes. 1. sslProtocol changed to SSLProtocol

sslProtocol is for Java connectors while SSLProtocol is for the native
connector.

> 2. Removed SSL_RSA_WITH_3DES_EDE_CBC_SHA cipher from ciphers

This configures a single cipher and not a protocol.

> 3. sslProtocol ="TLS" changed to sslProtocol ="TLSv1"
>
> But still unable to disable SSL v3

Did you restart? What were the results? How did you test?

-chris
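
One way to answer the question of which protocol strings a JVM supports, and to see why choosing an `SSLContext` name such as "TLS" or "TLSv1" does not by itself remove SSLv3 from a server socket. This is an added example, not code from the thread or from Tomcat; the class name `ListTlsProtocols` and the helper `withoutSslv3` are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Added example: prints the protocol names this JVM's JSSE provider supports,
// the ones a server socket enables by default, and the list with SSLv3 removed.
public class ListTlsProtocols {

    // Return the given protocol names minus "SSLv3" (hypothetical helper).
    static String[] withoutSslv3(String[] protocols) {
        List<String> kept = new ArrayList<String>();
        for (String p : protocols) {
            if (!"SSLv3".equals(p)) {
                kept.add(p);
            }
        }
        return kept.toArray(new String[kept.size()]);
    }

    public static void main(String[] args) throws Exception {
        // "TLS" is the sslProtocol value in the quoted Connector; pass "TLSv1" to compare.
        String contextName = args.length > 0 ? args[0] : "TLS";
        SSLContext ctx = SSLContext.getInstance(contextName);
        ctx.init(null, null, null); // default managers are enough to inspect protocols

        System.out.println("java.version       : " + System.getProperty("java.version"));
        System.out.println("SSLContext         : " + ctx.getProtocol());
        System.out.println("supported protocols: "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));

        // An unbound server socket exposes the server-side defaults without opening a port.
        SSLServerSocket socket =
                (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket();
        try {
            System.out.println("enabled by default : "
                    + Arrays.toString(socket.getEnabledProtocols()));
            // The enabled list, not the context name, decides what a client can negotiate.
            socket.setEnabledProtocols(withoutSslv3(socket.getEnabledProtocols()));
            System.out.println("enabled, no SSLv3  : "
                    + Arrays.toString(socket.getEnabledProtocols()));
        } finally {
            socket.close();
        }
    }
}
```

Run it with the same JVM that starts Tomcat. The names it prints are the JVM-defined strings the connector documentation refers to, and that documentation describes an `sslEnabledProtocols` attribute for the Java connectors that takes a list of them.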