
List:       tomcat-user
Subject:    Re: Enabling SSLv2 on Tomcat 7 !
From:       Christopher Schultz <chris () christopherschultz ! net>
Date:       2016-02-21 23:42:38
Message-ID: 56CA4B6E.6090808 () christopherschultz ! net

Utkarsh,

On 2/21/16 11:02 AM, Utkarsh Dave wrote:
> Thanks Chris for the response.
> Yes, I meant SSLv2Hello. I understand the vulnerabilities in SSL. Though
> some of the clients need that flexibility in older versions, so I was digging
> into the reason it was working in the prior version of Tomcat.
> Can you help me in identifying any change in Tomcat due to which the SSLv2Hello
> handshake started failing in newer versions of Tomcat?

Tomcat needs no other configuration than to specify SSLv2Hello as one of
the protocols to support.

-chris

> On Fri, Feb 19, 2016 at 8:56 PM, Christopher Schultz <
> chris@christopherschultz.net> wrote:
> 
> Utkarsh,
> 
> On 2/19/16 7:05 AM, Utkarsh Dave wrote:
>>>> I upgraded my Tomcat from 7.0.53 (that was having SSL protocols
>>>> enabled) to 7.0.67 (that has by default SSL protocols disabled).
>>>>
>>>> To re-enable support for SSLv3 and SSLv2, I modified the server.xml
>>>> inside $TOMCAT_HOME/conf to replace sslProtocol="TLS" with
>>>> sslEnabledProtocols="SSLv2,SSLv3,TLSv1"
>>>>
>>>> I can test the SSLv3 requests successfully now, but SSLv2 requests
>>>> still fail. They were processing through success before the
>>>> upgrade of Tomcat.
>>>>
>>>> I am using the JDK1.6 and Redhat platform and openssl version
>>>> 0.9.8h.
>>>>
>>>> Please let me know if I can enable SSLv2 on the newer Tomcat.
> 
> I think you mean "SSLv2Hello", not "SSLv2".
> 
> But please, just let SSL die.
> 
> -chris
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 
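
An added example, not part of the original messages and not Tomcat code: a small audit of a server.xml that reads sslEnabledProtocols on each SSL connector and separates names JSSE does not recognize (such as "SSLv2") from SSL-era names (SSLv2Hello, SSLv3). The JSSE name set, the LEGACY set and the sample connector are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: protocol names a JSSE provider accepts as enabled protocols.
# "SSLv2" is not one of them; "SSLv2Hello" only selects the hello format.
JSSE_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
LEGACY = {"SSLv2Hello", "SSLv3"}  # SSL-era names this audit flags

# Constructed sample: a connector using the value from the original question.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="SSLv2,SSLv3,TLSv1"/>
  </Service>
</Server>
"""


def audit_connectors(server_xml):
    """Return one finding dict per SSL-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to check
        raw = conn.get("sslEnabledProtocols")
        names = [n.strip() for n in raw.split(",") if n.strip()] if raw else []
        findings.append({
            "port": conn.get("port"),
            "explicit": raw is not None,  # False: JVM/Tomcat defaults apply
            "unknown": [n for n in names if n not in JSSE_PROTOCOLS],
            "legacy": [n for n in names if n in LEGACY],
            "accepted": [n for n in names if n in JSSE_PROTOCOLS],
        })
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```
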
