[prev in list] [next in list] [prev in thread] [next in thread]
List: tomcat-user
Subject: Re: Enabling SSLv2 on Tomcat 7 !
From: Christopher Schultz <chris () christopherschultz ! net>
Date: 2016-02-21 23:42:38
Message-ID: 56CA4B6E.6090808 () christopherschultz ! net
[Download RAW message or body]
Utkarsh,
On 2/21/16 11:02 AM, Utkarsh Dave wrote:
> Thanks Chris for the response.
> Yes, I meant SSLv2Hello. I understand the vulnerabilities in SSL. Though
> some of the client need that flexibility in older versions, so was digging
> the reason it was working in prior version of Tomcat.
> Can you help me in identifying any change in Tomcat due to which SSLv2Hello
> handshake started failing in newer versions of tomcat
Tomcat needs no other configuration than to specify SSLv2Hello as one of
the protocols to support.
-chris
> On Fri, Feb 19, 2016 at 8:56 PM, Christopher Schultz <
> chris@christopherschultz.net> wrote:
>
> Utkarsh,
>
> On 2/19/16 7:05 AM, Utkarsh Dave wrote:
>>>> I upgraded my tomcat from 7.0.53 ( that was having SSL protocols
>>>> enable) to 7.0.67 (that has by default SSL protocols disable).
>>>>
>>>> To re enable support for SSLv3 and SSLv2, i modified the server.xml
>>>> inside $TOMCAT_HOME/conf to replace sslProtocol="TLS" with
>>>> sslEnabledProtocols="SSLv2,SSLv3,TLSv1"
>>>>
>>>> I can test the SSLv3 requests successfully now , but SSLv2 requests
>>>> still fails. They were processing through success before the
>>>> upgrade of Tomcat.
>>>>
>>>> I am using the JDK1.6 and Redhat platform and openssl version
>>>> 0.9.8h.
>>>>
>>>> Please let me know if i can enable SSLv2 on the newer Tomcat.
>
> I think you mean "SSLv2Hello", not "SSLv2".
>
> But please, just let SSL die.
>
> -chris
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic