Thanks, Raj, Sanaullah and Dave.

I am not sure if it is the POODLE issue
(http://wiki.apache.org/tomcat/Security/POODLE); this solution is the same
as Raj's suggestion.

I will try, thanks.

On Tue, Jan 20, 2015 at 5:43 PM, Utkarsh Dave <utkarshkd...@gmail.com>
wrote:

> I don't think you will achieve what you want to via disabling SSL protocol
> using sslEnabledProtocols.
> The vulnerability "I think it is due to vulnerability in ssl 3.0 issue."
> will not stop access to the application.
> You may want to revert your changes back, and check the firewall settings
> or anything that can block the ports 8443, 8080 etc...
> Is there any exception in catalina.out?
>
> -Utkarsh
>
> On Tue, Jan 20, 2015 at 2:47 PM, Jason Y <day...@gmail.com> wrote:
>
> > Hi folks,
> >
> > Recently my application cannot be accessible in browser with https version.
> > I think it is due to vulnerability in ssl 3.0 issue.
> >
> > I checked my tomcat configuration and replaced sslProtocol="TLS" with
> > sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to disable SSL 3.0.
> >
> >     <Connector port="8080" protocol="HTTP/1.1"
> >                connectionTimeout="20000"
> >                redirectPort="8443" />
> >     <Connector port="8443"
> >                protocol="org.apache.coyote.http11.Http11Protocol"
> >                maxThreads="150" SSLEnabled="true" scheme="https"
> >                secure="true" clientAuth="false"
> >                sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
> >                keystoreFile="xxx" keystorePass="xxx" />
> >     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
> >
> >
> > Then I can open my application https link in browser. BUT, good time never
> > lasts too long, after several hours, I failed to access my https link
> > again.
> >
> > Anyone has any ideas about this? Please share your suggestions... My tomcat
> > version is 7.0.55
> >
> > Thank you all very much.
> >
>
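
An added example, not part of the original thread or of Tomcat itself: a small auditor for the sslEnabledProtocols change described in the quoted message, which parses server.xml text and reports each TLS connector whose protocol list is missing or still names SSLv3. The sample XML is constructed from the quoted connectors; ports 9443 and 10443, the function name audit_connectors and the LEGACY set are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connectors quoted in the thread, plus two
# hypothetical connectors: one with only sslProtocol="TLS" (the setting the
# poster replaced) and one whose explicit list still names SSLv3.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
               keystoreFile="xxx" keystorePass="xxx" />
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" keystoreFile="xxx" keystorePass="xxx" />
    <Connector port="10443" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="SSLv3, TLSv1"
               keystoreFile="xxx" keystorePass="xxx" />
  </Service>
</Server>
"""

# Protocol names this example treats as legacy (an assumption of the example).
LEGACY = {"sslv2", "sslv2hello", "sslv3"}


def audit_connectors(server_xml):
    """Return {port: finding} for every TLS-enabled Connector in server.xml text."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP and AJP connectors have no protocol list
        port = conn.get("port", "?")
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            # No explicit list: enabled protocols are left to Tomcat/JVM defaults.
            findings[port] = "no sslEnabledProtocols; protocol list left to defaults"
            continue
        names = [p.strip() for p in enabled.split(",") if p.strip()]
        bad = sorted(n for n in names if n.lower() in LEGACY)
        findings[port] = ("legacy protocols enabled: " + ", ".join(bad)) if bad else "ok"
    return findings


if __name__ == "__main__":
    for port, finding in sorted(audit_connectors(SAMPLE_SERVER_XML).items()):
        print(port, finding)
```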
