Baron,

On 1/8/13 9:55 PM, Baron Fujimoto wrote:
> However, when I test this by attempting connections with a
> script[*]

You could use 'sslscan' which is available directly from many Linux package managers. You can also use online tools like Qualys's scanner[1], which tells you which vulnerabilities you might have such as BEAST, CRIME, client-renegotiation, etc.

Worth mentioning: I'm not sure how to do such a thing with the JSSE SSL implementation, but if you use APR/native with OpenSSL, you want to enable the "honor server cipher order" flag. Unfortunately, this won't work quite properly with Tomcat right now due to a series of prerequisites that need to fall into place for it to work correctly ([2] and [3]).

-chris

[1] https://www.ssllabs.com/ssltest/index.html
[2] https://issues.apache.org/bugzilla/show_bug.cgi?id=53481
[3] https://issues.apache.org/bugzilla/show_bug.cgi?id=53969