sunil chandran wrote:
> Hello sir,
>
> I am sorry. I am using tomcat 4

Tomcat 4 is no longer supported. You *really* need to upgrade.

> <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>            port="8443" minProcessors="5" maxProcessors="150"
>            enableLookups="true"
>            acceptCount="100" debug="0" scheme="https" secure="true"
>            useURIValidationHack="false" disableUploadTimeout="true">

Again, read the docs. If you must use Tomcat 4 (and that is a bad idea) you
should not be using the Factory element.

> <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>          keystoreFile=".keystore" keystorePass="mypass"
>          clientAuth="false" protocol="TLS" />
> </Connector>
>
> this is the portion of server.xml. I have enabled ssl.
>
> still there are some vulnerabilities as informed by support team. They say
> that tomcat is configured to access without authentication.
>
> 1. is it true?

Maybe.

> 2. How can we confirm if the tomcat SSL is configured using any algorithm to
> authenticate or “none”.

With clientAuth="false" authentication will be controlled by your app's web.xml.

Mark
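
An added example (not part of the thread and not Tomcat project code) of how to check both layers the reply mentions: it reads clientAuth from the HTTPS connector in server.xml and then looks in web.xml for a login method with a protected URL pattern. The function names and the two web.xml samples are constructed for illustration; the connector attributes are the ones quoted above.

```python
import xml.etree.ElementTree as ET

# Constructed samples; only the Connector/Factory attributes come from the thread.
SERVER_XML = """<Server><Service name="Tomcat-Standalone">
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" scheme="https" secure="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           keystoreFile=".keystore" keystorePass="mypass"
           clientAuth="false" protocol="TLS" />
</Connector></Service></Server>"""
WEB_XML_OPEN = "<web-app><servlet><servlet-name>app</servlet-name></servlet></web-app>"
WEB_XML_PROTECTED = """<web-app><security-constraint>
<web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
<auth-constraint><role-name>user</role-name></auth-constraint>
</security-constraint><login-config><auth-method>BASIC</auth-method></login-config></web-app>"""

def local(tag):
    """Drop an XML namespace prefix so newer web.xml schemas also match."""
    return tag.rsplit("}", 1)[-1]

def tls_client_auth(server_xml):
    """Return {port: clientAuth} for each HTTPS connector (default is "false")."""
    ports = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("scheme") != "https":
            continue
        # Tomcat 4 puts clientAuth on the nested Factory; later versions on the Connector.
        factory = conn.find("Factory")
        src = conn if conn.get("clientAuth") or factory is None else factory
        ports[conn.get("port")] = (src.get("clientAuth") or "false").lower()
    return ports

def app_auth(web_xml):
    """Return (auth-method, url-patterns guarded by an auth-constraint)."""
    method, patterns = None, []
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) == "auth-method":
            method = (el.text or "").strip().upper()
        elif local(el.tag) == "security-constraint":
            # A constraint without auth-constraint does not force a login.
            if any(local(c.tag) == "auth-constraint" for c in el.iter()):
                patterns += [(p.text or "").strip() for p in el.iter()
                             if local(p.tag) == "url-pattern"]
    return method, patterns

def assess(server_xml, web_xml):
    if any(v == "true" for v in tls_client_auth(server_xml).values()):
        return "client certificate required at TLS layer"
    method, patterns = app_auth(web_xml)
    if method and patterns:
        return f"{method} login required for {', '.join(patterns)}"
    return "no authentication enforced"
```

With the connector from the thread, the result depends entirely on web.xml, and any URL outside the listed patterns is still reachable without a login.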