On Aug 25, 2013, at 9:58 AM, Michael-O <1983-01...@gmx.net> wrote:

> 1. Did you configure mod_ssl and APR Connector the same way?
I'm not sure how to make sure that they are configured identically. The syntax 
in server.xml is not identical to the syntax in apache2.conf. For example, in 
Apache's ssl.conf file, the directive:
SSLProtocol all -SSLv2

does not work the same way in server.xml. In my connector element, I tried 
setting an attribute SSLProtocol="all -SSLv2", but that wouldn't parse at 
startup. I've tried SSLProtocol="TLSv1+SSLv3" and SSLProtocol="ALL", and they 
all fail with a connection reset message on the client. I also tried setting 
SSLCipherSuite="HIGH:!ADH" as you recommended, as well as 
"HIGH:MEDIUM:!aNULL:!MD5" which is the way I have it in Apache (the default 
value), but that didn't make any difference.



> 2. Did you inspect the traffic with Wireshark? Helped me a lot.
I haven't used Wireshark, although I have called 'System.setProperty( 
"javax.net.debug", "all" )' which seems to give the same results in the Java 
console.

> 
> Maybe you are running into a cipher mismatch too. What we do use is "TLSv1" and 
> "HIGH:!ADH". Everything below TLSv1 is outdated and insecure. Though TLSv1 is 
> (very) old too but it is the best match at the moment.
> 
> Michael

--Jesse Barnum, President, 360Works
http://www.360works.com
Product updates and news on http://facebook.com/360Works
(770) 234-9293
== Don't lose your data! http://360works.com/safetynet/ for FileMaker Server ==
