Ignoring the option to upgrade to Tomcat 7, i tried to configure server.xml in several differrent ways, but yet SSL protocol was enable. I see below update on Tomcat site ( http://ci.apache.org/projects/tomcat/tomcat6/docs/changelog.html ) about poodle fixes. Disable SSLv3 by default for the APR/native HTTPS connector. Disable SSLv3 by default (along with SSLv2 which was already disabled by default) in light of the recently announced POODLE vulnerability Are these being worked upon. Can you please tell me
Changelog*Tomcat 6.0.43 (markt)* *Catalina* [image: fix] Assert that mapping result object is empty before performing mapping work in Mapper. (kkolinko) *Coyote* [image: fix] 53952 <http://issues.apache.org/bugzilla/show_bug.cgi?id=53952>: Add support for TLSv1.1 and TLSv1.2 for APR connector. Based upon a patch by Marcel Ĺ ebek. (schultz/jfclere) [image: fix] 57102 <http://issues.apache.org/bugzilla/show_bug.cgi?id=57102>: Fix bug that meant sslEnabledProtocols setting was not recognised for the HTTPS NIO connector. (markt) [image: add] Disable SSLv3 by default for the APR/native HTTPS connector. (markt/schultz) [image: fix] Do not increase remaining counter at end of stream in IdentityInputFilter. (kkolinko) [image: fix] Disable SSLv3 by default (along with SSLv2 which was already disabled by default) in light of the recently announced POODLE vulnerability (CVE-2014-3566). (markt) On Sun, Nov 2, 2014 at 11:56 PM, Hassan Schroeder < hassan.schroe...@gmail.com> wrote: > On Sun, Nov 2, 2014 at 10:09 AM, Utkarsh Dave <utkarshkd...@gmail.com> > wrote: > > > Is there any other way to disable SSL in Tomcat 6. > > How many ways do you need? The process described in this thread > works as indicated with 6.0.37. > > -- > Hassan Schroeder ------------------------ hassan.schroe...@gmail.com > http://about.me/hassanschroeder > twitter: @hassan > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
