Thanks Chris for the response. Yes, I meant SSLv2Hello. I understand the vulnerabilities in SSL. Though some of the client need that flexibility in older versions, so was digging the reason it was working in prior version of Tomcat. Can you help me in identifying any change in Tomcat due to which SSLv2Hello handshake started failing in newer versions of tomcat
On Fri, Feb 19, 2016 at 8:56 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Utkarsh, > > On 2/19/16 7:05 AM, Utkarsh Dave wrote: > > I upgraded my tomcat from 7.0.53 ( that was having SSL protocols > > enable) to 7.0.67 (that has by default SSL protocols disable). > > > > To re enable support for SSLv3 and SSLv2, i modified the server.xml > > inside $TOMCAT_HOME/conf to replace sslProtocol="TLS" with > > sslEnabledProtocols="SSLv2,SSLv3,TLSv1" > > > > I can test the SSLv3 requests successfully now , but SSLv2 requests > > still fails. They were processing through success before the > > upgrade of Tomcat. > > > > I am using the JDK1.6 and Redhat platform and openssl version > > 0.9.8h. > > > > Please let me know if i can enable SSLv2 on the newer Tomcat. > > I think you mean "SSLv2Hello", not "SSLv2". > > But please, just let SSL die. > > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlbHNB8ACgkQ9CaO5/Lv0PDdGQCeILtFaOKuhexXOYDSK7MqNski > 3mIAoLWsujDgusq2eoGDNwrL2B3cQyoY > =NlGV > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
