You're right.  I'd completely forgotten the SSL.  Odd, since I do
nothing but SSL here. 
As I recall, it's re-issue your certificate in OpenSSL format (or
convert it) and change the SSL-specific parameters as follows:
Drop the "sslProtocol" and keystore* attributes and replace with
      SSLEngine="on"
      SSLCertificateFile="path"
      SSLCertificateKeyFile="path"
      SSLPassword="password"
Yes, re-issuing the cert or converting it will be a hassle, but is well
documented on the website, as are the above attributes/parameters.

I addressed this as an answer to Mark's original suggestion, and I
quote:
  "Right now, the quickest way to fix this is to switch to the
APR/native connector and use 1.1.19"

In particular, he stated that switching to the NIO connector at this
point wouldn't address it (from my reading of his post), as the fix will
require a JDK/JRE fix from the vendor and a workaround isn't available
yet.  But the 1.1.19 APR has the workaround available now.

Jeff

-----Original Message-----
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] 
Sent: Tuesday, January 19, 2010 9:29 AM
To: Tomcat Users List
Subject: RE: SSLv3/TLS man-in-middle vulnerability

> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
> Subject: RE: SSLv3/TLS man-in-middle vulnerability
> 
> For Steve to switch to the APR/native connectors, all he needs to do in
> this config is download the native libraries and restart, correct?

No, the SSL config is completely different.  Easier to use the NIO
<Connector>, as Mark suggested.

 - Chuck


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
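
The attribute swap discussed in this thread can be checked mechanically before a restart. The following is an added example, not code from the thread or from Tomcat: it audits a server.xml for HTTPS connectors that still carry JSSE attributes or lack the APR certificate attributes. Both XML samples, the paths and the password are constructed, and SSLEngine is shown on the AprLifecycleListener element, where Tomcat's APR documentation places it.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a JSSE-style HTTPS connector as it looks before the switch.
JSSE_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" sslProtocol="TLS" keystoreFile="conf/keystore.jks"
             keystorePass="changeit"/>
</Service></Server>"""

# Constructed sample: the same connector using the APR certificate attributes.
APR_XML = """<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             SSLCertificateFile="conf/server.crt"
             SSLCertificateKeyFile="conf/server.key" SSLPassword="changeit"/>
</Service></Server>"""

APR_REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")

def is_jsse_only(name):
    # Attribute names are case-sensitive: "sslProtocol" is the JSSE attribute,
    # while "SSLProtocol" is a different, APR-side attribute and is not flagged.
    return name == "sslProtocol" or name.startswith("keystore")

def audit_connectors(server_xml):
    """Return one finding per HTTPS <Connector>: JSSE leftovers and missing APR attributes."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector, nothing to migrate
        findings.append({
            "port": conn.get("port"),
            "drop": sorted(a for a in conn.attrib if is_jsse_only(a)),
            "add": [a for a in APR_REQUIRED if a not in conn.attrib],
        })
    return findings

if __name__ == "__main__":
    for label, xml in (("before", JSSE_XML), ("after", APR_XML)):
        print(label, audit_connectors(xml))
```

An empty "drop" and "add" list for every HTTPS connector means the configuration matches the APR form; anything else names the attributes still to change.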


