Hi folks,

Recently my application cannot be accessible in browser with https version.
I think it is due to vulnerability in ssl 3.0 issue.

I checked my tomcat configuration and replaced sslProtocol="TLS" with
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to disable SSL 3.0.

    <Connector port="8080" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="8443" />
>     <Connector port="8443"
> protocol="org.apache.coyote.http11.Http11Protocol"
>                maxThreads="150" SSLEnabled="true" scheme="https"
> secure="true"
>                clientAuth="false"
> sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" keystoreFile="xxx"
> keystorePass="xxx" />
>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />


Then I can open my application https link in browser. BUT, good time never
lasts too long, after several hours, I failed to access my https link
again.

Anyone has any ideas about this? please share your suggestions...My tomcat
version is 7.0.55

Thank you all very much.

On Tue, Jan 20, 2015 at 3:56 PM, Jason Y <day...@gmail.com> wrote:

> Hi folks,
>
> Recently my application cannot be accessible in browser with https
> version. I think it is due to vulnerability in ssl 3.0 issue.
>
> I checked my tomcat configuration and replaced sslProtocol="TLS" with
> sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to disable SSL 3.0.
>
>     <Connector port="8080" protocol="HTTP/1.1"
>>                connectionTimeout="20000"
>>                redirectPort="8443" />
>>     <Connector port="8443"
>> protocol="org.apache.coyote.http11.Http11Protocol"
>>                maxThreads="150" SSLEnabled="true" scheme="https"
>> secure="true"
>>                clientAuth="false"
>> sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" keystoreFile="xxx"
>> keystorePass="xxx" />
>>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>
>
> Then I can open my application https link in browser. BUT, good time never
> lasts too long, after several hours, I failed to access my https link
> again.
>
> Anyone has any ideas about this? please share your suggestions...My tomcat
> version is 7.0.55
>
> Thank you all very much.
>

Reply via email to