Hi Following the recent announcement of the SSLv3 POODLE vulnerability (CVE-2014-3566), when disabling SSLv3 on Tomcat APR/Native using the following configuration: SSLProtocol="TLSv1", it seems that the effect is that besides the SSLv3 protocol even the TLSv1.1 and TLSv1.2 protocols no longer remain available, at least according to the Qualys SSL Labs test: https://www.ssllabs.com/ssltest/
Protocols TLS 1.2 No TLS 1.1 No TLS 1.0 Yes SSL 3 No SSL 2 No Is there an explanation for this? What configuration is required in order to disable SSLv3 (and SSLv2 of course) whilst still retaining support for all TLS 1.0, 1.1 & 1.2? Regards John
