Re: Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

. Is there any way to preserve TLS1.1 & TLS1.2 whilst disabling SSLv3? Regards John On Wed, Oct 15, 2014 at 3:09 PM, Giles Coochey wrote: > On 15/10/2014 14:03, John Blaut wrote: > > I am using Tomcat 7. I can reproduce the issue even on Native 1.1.30. > > > > Apolo

Re: Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

/2014 7:48 AM, Giles Coochey wrote: > > On 15/10/2014 13:42, John Blaut wrote: > > Hi > > Following the recent announcement of the SSLv3 POODLE vulnerability > (CVE-2014-3566), when disabling SSLv3 on Tomcat APR/Native using the > following configuration: SSLProtocol="TLSv1

Re: Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

at 2:48 PM, Giles Coochey wrote: > On 15/10/2014 13:42, John Blaut wrote: > > Hi > > Following the recent announcement of the SSLv3 POODLE vulnerability > (CVE-2014-3566), when disabling SSLv3 on Tomcat APR/Native using the > following configuration: SSLProtocol="TLSv1&

Disabling SSLv3 with Tomcat ARP/Native but still retaining support for TLS 1.1 and TLS 1.2

Hi Following the recent announcement of the SSLv3 POODLE vulnerability (CVE-2014-3566), when disabling SSLv3 on Tomcat APR/Native using the following configuration: SSLProtocol="TLSv1", it seems that the effect is that besides the SSLv3 protocol even the TLSv1.1 and TLSv1.2 protocols no longer re