Hi Chris, Thanks for the response. I am testing using below steps.
>From another machine I am running this command: openssl s_client -ssl3 -msg -connect <HOST>:<PORT> HOST is the server ip (on the server where actually ssl needs to be disabled and server.xml is modified with sslProtocols="TLSv1" ) PORT is 8443 (tomcat) If the result of above command results in failure. It means SSL is disabled. How can i know if my JVM recognizes the particular protocol string. -Thanks Utkarsh On Sat, Nov 1, 2014 at 12:52 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Utkarsh, > > On 10/31/14 11:52 AM, Utkarsh Dave wrote: > > Nothing helped much. Please let me know how can i disable SSL in > > Tomcat 6.0.37. > > > > I tried below configuration in server.xml on Tomcat 6.0.37 > > > > <Connector port="8443" > > protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" > > SSLEnabled="true" scheme="https" secure="true" clientAuth="false" > > sslProtocols = "TLSv1" > > > > The same with sslEnabledProtocols instead of sslProtocols worked > > for Tomcat 7. I am also following solution at > > https://access.redhat.com/solutions/1232233 > > The configuration attributes "protocols", "sslProtocols", and > "sslEnabledProtocols" are all equivalent in Tomcat 6.0.38 and later. > Before Tomcat 6.0.38, "protocols" and "sslProtocols" are equivalent. > > So it shouldn't really matter which one you use. But since you are > using 6.0.37, then you definitely can't use "sslEnabledProtocols". > > So.. what's the problem? With the above configuration, what protocols > end up being enabled? How are you performing your testing? > > You are using the Java BIO connector so it's using JSSE for crypto. > Those settings you have should work. The default for "sslProtocol" is > "TLS" which should get you pretty much everything, and restricting > sslProtocols to "TLSv1" should get you only TLSv1, as long as your JVM > recognizes that particular protocol string. > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: GPGTools - http://gpgtools.org > > iQIcBAEBCAAGBQJUU+FoAAoJEBzwKT+lPKRYHscQAIRhapwkrWIhVvGv6GJxkUVV > uhWrZQm/mBj4+kGCy+/Ca3b9oE6i5IKAQCLRxF5sVDABplZcAM80w8HSAXcSUtXd > vw1lLxZ7/0iwJ5sukceypw+zlbSgsg3OFCDBBpBrk9bikUBVQUN5PCmMxnsyS8X3 > fOMi8hrEbqHSZWu6qPq3I5u4BJVBSvzCpGlF5KXrQH1kovCekULH5HAmQ93V3umL > 6oD06LzF4Qef5x6wUHCRb8Kz7o7xC9Sk+bclvajJx2UCWAH5flEvlT+gR0+ERFbT > B4M6fSvEpdrOHz6jsgixOBkJz1yXsH2d6uNztvtitIwuDCHP6T32xQ3lWvwma4Cn > 3prT1Z+ytJUI3E9MhEwWZ1rWNSZgR/alm3k+zmud9Gm3Msr+Zl61uKKsAQPW8/YG > BlfC4c1PR3VpquhqDP6eSw9E4CP/4LwvO0mQO7+t4ZDSEmxwT9DSBjvy5tjWRqo7 > flmtwFsfVkQ/qwCjgJFRneRYM4+7zJ8IVnEhnXLiXQhZYU8NMAJ1bcxHpd9Yz6O7 > gQXQRlA7bZDW2dgRNsMwimVPovY+36XrS92Bsn8VEcc/uuLx/XyGgcqYnNnhvfjk > UKpB4Uj38zjjBBEnjYnI5JVmDBam5I44Y12eSsxBS0elvBGc3U3Pv8W7ijFz74u7 > NzqKsmZJjk2x5bbHZERQ > =9f5b > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
