On 26/03/2015 17:30, Egor Philippov wrote: > Anyone familiar with the warning or know > whether it represents a real security problem?
That depends on your definition of 'real'. I'm not aware of any viable attacks but general opinion is that now is the time to take action. Check your server certificate. The most likely explanation is that it has a SHA-1 signature. Your CA should be able to provide you with a replacement with a more secure signature. I know the CAs the ASF uses have been offering this for 6 months or more. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org