LDAP/Realm with TLS in Tomcat 6/7?

Dear all, is there a lib/method/whatever to achieve Realm Auth in Tomcat > 5.x where username/password are protected by TLS? org.apache.catalina.realm.JNDIRealm works with Tomcat 5, but not in 6 :-( best regards Jens www.biotronik.com BIOTRONIK - Celebrating 50 years of excellence Fou

Jens Neu ist außer Haus.

I will be out of the office starting 08/06/2010 and will not return until 09/13/2010. Please contact Christoph Kaminski (christoph.kamin...@biotronik.com) or Thoralf Freitag (thoralf.frei...@biotronik.com) instead.

Re: TLS+SSLv3 but no SSLv2

ject Re: TLS+SSLv3 but no SSLv2 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jens, On 1/22/2010 12:51 PM, Jens Neu wrote: > Christopher, > > maybe that was a bit premature, running with > SSLCipher="-ALL:+HIGH:+MEDIUM:!SSLv2": > > openssl s_client -ssl2 -connect

Re: TLS+SSLv3 but no SSLv2

Session-ID-ctx: Master-Key: 3CAC5F9B8889222FFF7E1106232BFE34FC7A2CBD078833E0 Key-Arg : 448CA2E3F880EF06 Start Time: 1264182312 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- Jens Neu Health Services Network Administration Phone: +49 (0) 30 68905

Re: TLS+SSLv3 but no SSLv2

ash: SHA1 Jens, On 1/22/2010 12:30 PM, Jens Neu wrote: > Christopher, > > my "Problem" is that I have a requirement that SSLv2 shall be forbidden, > but not SSLv3 and TLS. On top, also forbidden are ciphers <=128bit. I was > hoping to tackle th

Re: TLS+SSLv3 but no SSLv2

H:+MEDIUM" without manually selecting all ciphers. Since I'm on apr/openssl, I assume that my available ciphers are what gives me "openssl ciphers"? So this leaves me with no other option than crawling through all the ciphers? Certainly looking forward to it ;-) regards

RE: TLS+SSLv3 but no SSLv2

Administration Phone: +49 (0) 30 68905-2412 Mail: jens@biotronik.de "Caldarale, Charles R" 01/22/2010 05:42 PM Please respond to "Tomcat Users List" To Tomcat Users List cc Subject RE: TLS+SSLv3 but no SSLv2 > From: Jens Neu [mailto:jens@biotronik.com]

TLS+SSLv3 but no SSLv2

Lv2+SSLv3"." Does this really mean that I can not allow a "TLSv1+SSLv3" setting while forbidding SSLv2? It seems so to me, since setting SSLProtocol to this obvioulsy defaults to "ALL" :-( regards Jens Jens Neu Health Services Network Administration Phone: +49 (0)

Re: SSLv3/TLS man-in-middle vulnerability

lever choosing the Tomcat Connector; maybe some Windows- Tomcat Expert jumps on it :) regards Jens Neu Health Services Network Administration Phone: +49 (0) 30 68905-2412 Mail: jens@biotronik.de "Steve G. Johnson" 01/18/2010 05:04 PM Please respond to "Tomcat Users List"

Re: CVE-2009-3555 fix in tomcat-native-1.1.19?! [solved]

yes, thats it, zero html write. Thank you for opening my eyes, maybe I should not have done that on a Friday evening :) Totally fixated on that tlsv1 alert I was... regards from Berlin! Jens Neu Health Services Network Administration Phone: +49 (0) 30 68905-2412 Mail: jens@biotronik.de

CVE-2009-3555 fix in tomcat-native-1.1.19?!

TES:tlsv1 alert no renegotiation:./ ssl/s3_pkt.c:1053:SSL alert number 100 but certainly no RENEGOTIATION. Any hints? System is CentOS 5.4, packages: openssl-0.9.8e-12.el5 apr-devel-1.2.7-11.el5_3.1 apr-1.2.7-11.el5_3.1 thanks in advance! (probably will be afk for the weekend) regards Jens Neu Healt