RE: SSLv3/TLS man-in-middle vulnerability

[Steve G. Johnson]

Hi Charles,
FYI: This is in my listener list:
<Listener className="org.apache.catalina.core.AprLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
/>
  <Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener
className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>

Added the "protocol" entry and now trying to start Tomcat manager results
in "page cannot be displayed". Removing entry it starts.
Added as follows:
<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               keystoreFile="xxx" keystorePass="xxx" keystoreType="PKCS12"
/>

Steve



Steve Johnson (619) 237-8315 P Please consider the environment before
printing this e-mail.





                                                                       
             "Caldarale,                                               
             Charles R"                                                
             <Chuck.Caldarale@                                          To
             unisys.com>               Tomcat Users List               
                                       <users@tomcat.apache.org>       
             01/19/2010 07:33                                           cc
             AM                                                        
                                                                   Subject
                                       RE: SSLv3/TLS man-in-middle     
             Please respond to         vulnerability                   
               "Tomcat Users                                           
                   List"                                               
             <us...@tomcat.apa                                         
                 che.org>                                              
                                                                       
                                                                       



Caterpillar: Confidential Green                 Retain Until: 02/18/2010




> From: Steve G. Johnson [mailto:johnson_stev...@solarturbines.com]
> Subject: Re: SSLv3/TLS man-in-middle vulnerability
>
>           <Connector port="8443" maxHttpHeaderSize="8192"
> maxThreads="150"
>         minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
>         disableUploadTimeout="true" acceptCount="100" scheme="https"
> secure
>         ="true" clientAuth="false" sslProtocol="TLS" keystoreFile="xxx"
>         keystorePass="xxx" keystoreType="PKCS12" />

Add the following attribute to the above:

protocol="org.apache.coyote.http11.Http11NioProtocol"

Leave the AJP <Connector> alone.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail and
its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org