Re: Re-enabling SSLv3

André Warnier Wed, 18 Feb 2015 03:08:23 -0800

Mark Thomas wrote:

On 18/02/2015 09:11, Mark Thomas wrote:

On 18/02/2015 09:04, André Warnier wrote:


<snip/>

Also, while we are at it : this whole SSL area is - I believe -
hopelessly confusing for anyone (aka me) who does not spend a
considerable amount of time dealing with that kind of setup.
Do you know of any reasonably short and concise introductory article on
the www ? Something which really explains the basics (and the why's) of
what you need to set up a HTTPS webserver, be it Tomcat or something else ?
I believe that some kind of "wrap-up" article in the FAQ would really
help, and you seem to be our resident expert here.

Maybe this?

https://www.feistyduck.com/books/bulletproof-ssl-and-tls/

You can download a PDF of the first chapter that explains a lot of the
basics for free.


I forgot this:
http://people.apache.org/~markt/presentations/2014-04-09-Tomcat-SSL.pdf


I quickly went through these two documents, and they are really a good base.

But I believe that a useful addition/summary to those, would be to use the basic series ofsteps as given in [http://marc.info/?l=tomcat-user&m=106692394104667&w=2] (possibly withcorrections), and make a table like :

(hoping this does not get terminally garbled by wrapping)

Step   short description                     Used item/attribute
                                  with Java Connector            with APR 
Connector

1      browser sends hello        client: list of algorithms   client: list of 
algorithms
                                  attribute: ???               attribute: ???
                                  file: ???                    file: ???

2      server sends               server: certificate          server: 
certificate
       certificate and            attributes:                  attributes:
       nonce                       - keystoreType ?             - 
SSLCertificateFile ?
                                   - keystoreFile ?             - 
SSLCertificateKeyFile ?
                                  file: xxx.p12  (1)            file: 
xxx-cert.pem (2)

etc...

(1) when/how does this get generated ?
(2) when/how does this get generated ?



see what I mean ?

I'd offer to create that table, but I am such a nincompoop regarding SSL/TLS, that Icannot even tell if the list of steps is correct or not.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Re-enabling SSLv3

Reply via email to