Utkarsh, On 2/21/16 11:02 AM, Utkarsh Dave wrote: > Thanks Chris for the response. > Yes, I meant SSLv2Hello. I understand the vulnerabilities in SSL. Though > some of the client need that flexibility in older versions, so was digging > the reason it was working in prior version of Tomcat. > Can you help me in identifying any change in Tomcat due to which SSLv2Hello > handshake started failing in newer versions of tomcat
Tomcat needs no other configuration than to specify SSLv2Hello as one of the protocols to support. -chris > On Fri, Feb 19, 2016 at 8:56 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Utkarsh, > > On 2/19/16 7:05 AM, Utkarsh Dave wrote: >>>> I upgraded my tomcat from 7.0.53 ( that was having SSL protocols >>>> enable) to 7.0.67 (that has by default SSL protocols disable). >>>> >>>> To re enable support for SSLv3 and SSLv2, i modified the server.xml >>>> inside $TOMCAT_HOME/conf to replace sslProtocol="TLS" with >>>> sslEnabledProtocols="SSLv2,SSLv3,TLSv1" >>>> >>>> I can test the SSLv3 requests successfully now , but SSLv2 requests >>>> still fails. They were processing through success before the >>>> upgrade of Tomcat. >>>> >>>> I am using the JDK1.6 and Redhat platform and openssl version >>>> 0.9.8h. >>>> >>>> Please let me know if i can enable SSLv2 on the newer Tomcat. > > I think you mean "SSLv2Hello", not "SSLv2". > > But please, just let SSL die. > > -chris >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
