On 04.10.2016 at 12:43, Garratt, Dave wrote:
> To elaborate, there is only this single application running on the server.
> All other web applications use Windows IIS.
>
> I have mentioned that the problem is down to the old software on the scanner
> but it’s a huge international organisation and making an upgrade to their
> entire line of devices is likely to take some time.

IMHO you should point out that weakening encryption server-side is nothing but a workaround, valid until the problem has been solved at its root: The barcode scanners need to be upgraded.

If you rely on trusted CA certs instead of self-signing them, you might be out of luck when the current certs need to be extended: *None* of the OS's trusted root CAs will issue any SHA-1 certificate any more as of this year. Double-check if the scanners can operate on a currently issued cert. Alternatively you will need to roll out your own CA with - more or less - self-signed certificates.

Any one of these solutions will do, but they might bite you if they come unsuspected and at an inconvenient time.

> However silly it may seem this is a “tick the box” exercise when it comes to
> security - HTTPS - yes/no.
>
> On the assumption that a weak encryption is better than none then I can’t
> really argue with the customer.

Well... at least you can mention it - make an impression by pointing to an insecure requirement that has been made under the assumption of adding security.

> Someone did suggest using Apache HTTP server to do the comms - maybe an IIS
> connector to Tomcat would accomplish the same?

I've mentioned "Apache httpd (or equivalent webserver of your choice)". In this case IIS seems to be the webserver of your choice.

> As I mentioned before I’m a bit of a novice with the server config.
>
> Dave