-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Utkarsh,
On 11/12/14 5:43 AM, Utkarsh Dave wrote: > Ignoring the option to upgrade to Tomcat 7, i tried to configure > server.xml in several differrent ways, but yet SSL protocol was > enable. I see below update on Tomcat site ( > http://ci.apache.org/projects/tomcat/tomcat6/docs/changelog.html ) > about poodle fixes. Disable SSLv3 by default for the APR/native > HTTPS connector. Disable SSLv3 by default (along with SSLv2 which > was already disabled by default) in light of the recently > announced POODLE vulnerability Are these being worked upon. Can you > please tell me Not only have they been worked upon, but they have been committed to the source repository. There has been a vote on 6.0.42 and the vote failed because of markt's discovery that sslEnabledProtocols wasn't working for the NIO connector. If you are not using the NIO connector and you don't need binaries, you can pull the 6.0.42 "non-release" from this subversion tag: http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_42/ I believe the sslEnabledProtocols for the NIO connector was the only problem identified with that release. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUZMIxAAoJEBzwKT+lPKRYas8QAJxvrrS1iMXe/x9d7Ls6Jieo pDTHpjPL/vRDj3t3g/lpuEihqeVIqDgnTRqMSIYSDfYU2gYG/lvTeAJc59c9wO4K 8O9IQ1WX6Yij3EqKCtXnekAdb2Aubyg2bzcEIGYpMIJ0TJTbOPT2EpN5PQ4FR23P ril8oTh99bVQe6vZ5mJ4VKJFEjnvtFIwx8s1jBsEishWm2C3XRrTK7mBRfgC8X2J B1pZtFgeXqUZM9+2gRoxJj+9kgy0PzSa0oZm8wU6xjoquh7xszMpxp/zrNTfvp83 RwVLmgnVA7Jwy7e991XBe8GtvA+WWemcVPK/uMYx40ErWXQvF7pSxV4mioDGnDyy 3riMkiWnLbIBzmF17mhcXDp5v9nyGjCvqg1inngjiJG/IXg84TcWgqcn2KeCRxnk CGt46nrSNcvX1w+tKIv7AA5NlVQH++YPtNa3ocvo6Z8t4Wc36pXk6WJPcoJnFIfh 45tcCbYG+3dwzh/hgy8pUIpZN8/2JWVphcvyCNIavSCj07j3IubaUULTKU8pHXCh OBQH7MHNjN1sJmdOiLKZqk7NlBjScRPwIFNkGtU5nOc2qsmjbYJjy0+9b5n0ZQLL bWzNAoese4lOSxNAWFRft8w6LZ5nn1hp+zwM3rq4dJ67DL646wCpRYRCSnN2mOiy /xGURUpM1gM8CpllJWZU =e2U1 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
