I was just forwarded a vulnerability report from one of our customers, who is on 7.0.67 (as are we), with Java SSL, not OpenSSL (again, as are we). The gist of it is below.

SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) (CVE-2015-4000)

SSL/TLS EXPORT_RSA <= 512-bit Cipher Suites Supported (FREAK) (CVE-2015-0204)

SSL/TLS EXPORT_DHE <= 512-bit Export Cipher Suites Supported (Logjam) (CVE-2015-4000)

Can anybody tell me what I'm looking at, and what to do about it?

--
JHHL
