Mark, Our JRE is 1.6.0_17. Below are server.xml entries for connectors minus security tag values. Please suggest changes. Is that all I have to do before Security runs another HP scan? Thanks <!-- Define a SSL HTTP/1.1 Connector on port 8443 --> <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure ="true" clientAuth="false" sslProtocol="TLS" keystoreFile="xxx" keystorePass="xxx" keystoreType="PKCS12" /> - <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" /> - <!-- Define a Proxied HTTP/1.1 Connector on port 8082 --> - <!-- See proxy documentation for more information about using this. --> - <!-- <Connector port="8082" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" acceptCount="100" connectionTimeout="20000" proxyPort="80" disableUploadTimeout="true" />
--> Steve Johnson (619) 237-8315 P Please consider the environment before printing this e-mail. Mark Thomas <ma...@apache.org > To Tomcat Users List 01/19/2010 06:48 <users@tomcat.apache.org> AM cc Subject Please respond to Re: SSLv3/TLS man-in-middle "Tomcat Users vulnerability List" <us...@tomcat.apa che.org> Caterpillar: Confidential Green Retain Until: 02/18/2010 On 19/01/2010 02:31, Steve G. Johnson wrote: > Mark, > Since we do not know how to "switch connectors", or install OpenSSL, and do > not have JDK on the server (only JRE 1.6.0_17), then I suppose the best bet > is to wait until Tomcat is fixed ("coming soon"). You can replace JDK with JRE in what I previously. Switching from BIO to NIO is a simple change to server.xml, if you are interested. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org