sunil chandran wrote: > there are some vulnerability existing on my server: > > SSL Server Allows Cleartext Communication Vulnerability
<snip/> > Can someone help me identify the place in server.xml file to avoid these > vulnerabilties. You didn't say which Tomcat version so I am going to assume 6.0.20. Neither did you say which connector you are using. I am going to assume the default Java blocking IO connector. The info you require is in the docs. Take a look at the SSL section of this page: http://tomcat.apache.org/tomcat-6.0-doc/config/http.html Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org