Re: How-to disable SSL V3 on Tomcat 6.0.18.0

2015-02-01 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jimmy, On 1/31/15 10:13 AM, Jammy Chen wrote: > Hello Jason, Chris, > > Thanks for you answer and replying. > > I actually already tired that solution linked in the page > https://access.redhat.com/solutions/1232233. but it does not work > at all

Re: How-to disable SSL V3 on Tomcat 6.0.18.0

2015-01-31 Thread Jammy Chen
Hello Jason, Chris, Thanks for you answer and replying. I actually already tired that solution linked in the page https://access.redhat.com/solutions/1232233. but it does not work at all. Yes, this is common problem whatever the tomcat version is, SSL V3 is not safe any more, however, newer

Re: How-to disable SSL V3 on Tomcat 6.0.18.0

2015-01-30 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jason, On 1/30/15 4:32 AM, Jason Y wrote: > Please refer to https://access.redhat.com/solutions/1232233 This link is /slightly/ out of date, in that it is missing more-recent information (i.e. support for TLSv1.1 and TLSv1.2 in tcnative versions af

Re: How-to disable SSL V3 on Tomcat 6.0.18.0

2015-01-30 Thread Jason Y
Hi Jammy, Please refer to https://access.redhat.com/solutions/1232233 When using Tomcat with the JSSE connectors, the SSL protocol to be used can be configured via $TOMCAT_HOME/conf/server.xml. The following example shows how the sslProtocol in an https connector is configured. Tomcat 5 and 6 (p

Re: How-to disable SSL V3 on Tomcat 6.0.18.0

2015-01-29 Thread Terence M. Bandoian
On 1/29/2015 10:02 AM, Jammy Chen wrote: Hello Chuck, Thanks for replying, I understood this is old, our product has already upgraded to latest version, but somehow, some of our users are still in such old stage, they do not plan uptake now but they want disable SSL V3 as everybody know this is

Re: How-to disable SSL V3 on Tomcat 6.0.18.0

2015-01-29 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jammy, On 1/29/15 11:02 AM, Jammy Chen wrote: > Thanks for replying, I understood this is old, our product has > already upgraded to latest version, but somehow, some of our users > are still in such old stage, they do not plan uptake now but they >

Re: How-to disable SSL V3 on Tomcat 6.0.18.0

2015-01-29 Thread Jammy Chen
Hello Chuck, Thanks for replying, I understood this is old, our product has already upgraded to latest version, but somehow, some of our users are still in such old stage, they do not plan uptake now but they want disable SSL V3 as everybody know this is big security vulnerability. *so now the i

RE: How-to disable SSL V3 on Tomcat 6.0.18.0

2015-01-29 Thread Caldarale, Charles R
> From: Jammy Chen [mailto:jamm...@gmail.com] > Subject: How-to disable SSL V3 on Tomcat 6.0.18.0 > Do everybody knows how-to disable SSL v3 in older tomcat version > Server version: Apache Tomcat/6.0.18 > Server built: Jul 22 2008 02:00:36 Yes - move up to a current level and read the docs.