I don t think you will achieve what you want to via disabling SSL protocol using sslEnabledProtocols. The vulnerability "I think it is due to vulnerability in ssl 3.0 issue." will not stop access to the application. You may want to revert your changes back, and check the firewall settings or anything that can block the ports 8443, 8080 etc... Is there any exception in catalina.out?
-Utkarsh On Tue, Jan 20, 2015 at 2:47 PM, Jason Y <day...@gmail.com> wrote: > Hi folks, > > Recently my application cannot be accessible in browser with https version. > I think it is due to vulnerability in ssl 3.0 issue. > > I checked my tomcat configuration and replaced sslProtocol="TLS" with > sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to disable SSL 3.0. > > <Connector port="8080" protocol="HTTP/1.1" > > connectionTimeout="20000" > > redirectPort="8443" /> > > <Connector port="8443" > > protocol="org.apache.coyote.http11.Http11Protocol" > > maxThreads="150" SSLEnabled="true" scheme="https" > > secure="true" > > clientAuth="false" > > sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" keystoreFile="xxx" > > keystorePass="xxx" /> > > <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> > > > Then I can open my application https link in browser. BUT, good time never > lasts too long, after several hours, I failed to access my https link > again. > > Anyone has any ideas about this? please share your suggestions...My tomcat > version is 7.0.55 > > Thank you all very much. > > On Tue, Jan 20, 2015 at 3:56 PM, Jason Y <day...@gmail.com> wrote: > > > Hi folks, > > > > Recently my application cannot be accessible in browser with https > > version. I think it is due to vulnerability in ssl 3.0 issue. > > > > I checked my tomcat configuration and replaced sslProtocol="TLS" with > > sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to disable SSL 3.0. > > > > <Connector port="8080" protocol="HTTP/1.1" > >> connectionTimeout="20000" > >> redirectPort="8443" /> > >> <Connector port="8443" > >> protocol="org.apache.coyote.http11.Http11Protocol" > >> maxThreads="150" SSLEnabled="true" scheme="https" > >> secure="true" > >> clientAuth="false" > >> sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" keystoreFile="xxx" > >> keystorePass="xxx" /> > >> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> > > > > > > Then I can open my application https link in browser. BUT, good time > never > > lasts too long, after several hours, I failed to access my https link > > again. > > > > Anyone has any ideas about this? please share your suggestions...My > tomcat > > version is 7.0.55 > > > > Thank you all very much. > > >
