Hello all,
I have removed SSL cypher from my configuration. and its working.
Please let me know is this correct way to solve this.
I am running Tomcat 7.0.22
<Connector port="443" maxThreads="150"
scheme="https" secure="true"
sslProtocol="TLS" SSLEnabled="true"
ciphers=
Thanks and regards
Deepak
On 10/16/2014 2:38 PM, Vu Pham wrote:
> I believe some village somewhere was missing somebody :)
>
> Reading the tomcat/apr doc
> (http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support) ,
> I found that I have to use SSLProtocol instead of sslProtocol.
Tomcat's case-sensitivity has bitten me more than once!
>
> After making that change, SSLv3 disappear.
>
> Thanks,
> Vu
>
> On 10/16/2014 08:32 AM, vu pham wrote:
>> All,
>>
>> I am running tomcat 7.0.26 with APR on RHEL 5.10 (x86_64) . My
>> server.xml 's configuration for the https connector is as follows:
>>
>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>> maxThreads="150" scheme="https" secure="true"
>> clientAuth="false" sslProtocol="TLSv1"
>>
>> SSLCertificateKeyFile="/u01/apache-tomcat-7.0.26/conf/servey_xxx.key"
>>
>> SSLCertificateFile="/u01/apache-tomcat-7.0.26/conf/server_xxx.crt"
>>
>>
SSLCACertificateFile="/u01/apache-tomcat-7.0.26/conf/SSL123_CA_Bundle.pem"
>>
>> />
>>
>> I also tried sslProtocol with different values of TLS, TLSv1.1, and
>> TLSv1.2, but the ssl tests such the ones from SSLLabs or Thawte claim
>> that my server still has SSLv3 enabled.
>>
>> Any advice is greatly appreciated.
>>
>> Thanks,
>> Vu
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
"Disclaimer and confidentiality clause -
This message and any attachments relating to official business of CCIL OR ANY
OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original
addressee only.
The message may contain information that is confidential and subject to legal
privilege.
Any views expressed in this message are those of the individual sender.
If you have received this message in error, please notify the original sender
immediately and destroy the message and copies thereof and any attachments
contained in it .
If you are not the intended recipient of this message, you are hereby notified
that you must not disseminate, copy, use, distribute, or take any action in
connection therewith.
CCIL cannot ensure that the integrity of this communication has been
maintained nor that it is free of errors, viruses, interception and/or
interference.
CCIL is not liable whatsoever for loss or damage resulting from the opening of
this message and/or attachments and/or the use of the information contained in
this message and/or attachments."
