> Except for one. It seems that whoever is doing the customer's security audit > is concerned with POODLE vulnerability.
To mitigate POODLE you must disable SSLv3 and only use TLS. Please visit the wiki page for more info: https://wiki.apache.org/tomcat/Security/POODLE On Mon, Aug 8, 2016 at 12:35 PM, James H. H. Lampert <jam...@touchtonecorp.com> wrote: > On 7/27/16, 11:59 AM, Mark Thomas wrote: > >> ciphers="SSL_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA" > > > Ladies and Gentlemen: > > Thanks, Mark; that raises the SSLLabs rating from "F" to "C," and seems to > have dealt with most of the concerns raised by the customer. > > Except for one. It seems that whoever is doing the customer's security audit > is concerned with POODLE vulnerability. > > Can this be dealt with in Tomcat 7 under Java 6? If so, how? > > -- > JHHL > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
