Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4715C175ED for ; Fri, 17 Oct 2014 17:49:42 +0000 (UTC) Received: (qmail 58502 invoked by uid 500); 17 Oct 2014 17:49:39 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 58464 invoked by uid 500); 17 Oct 2014 17:49:39 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 58454 invoked by uid 99); 17 Oct 2014 17:49:39 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 17 Oct 2014 17:49:39 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of hughes.matt@gmail.com designates 209.85.216.176 as permitted sender) Received: from [209.85.216.176] (HELO mail-qc0-f176.google.com) (209.85.216.176) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 17 Oct 2014 17:49:13 +0000 Received: by mail-qc0-f176.google.com with SMTP id r5so969227qcx.7 for ; Fri, 17 Oct 2014 10:49:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:content-transfer-encoding:subject:message-id:date :to:mime-version; bh=z8pvay+4iT6xsNAs7EYH4ySKdOohuXuEU0noDbPPsgk=; b=ZOav0Od0igjjFeuelUmYyVpP303q3wAzWVRmNRjAOTrkUAlcCrhoY2GuMyNgTmT/UL bFxKQy2lJJ3cWEB2SOSPxQuIFNw3hLcE7rU64INeCg5CM7x2bVL4+pbY7CLvgA4yFUHS ViiuSYTB0FDAnCFaPtrSscy7md2wlG0Uu1eDOjl7LbMiEB90oGDq1lckRZ7feT4Lg/sm Yq0WM0G/KCbKBz/iSwq6dRGtFaGDNPAuF1gJvhjVDKeB8ltKNcLO8PTgKMV2sWg5LiSk WwB3aP9nSYVNWiWzqONEp79eLESToaaQC1CkhVvY0zgtxGJ7nEMbwsDYelkrnOgpAhBY 3VUQ== X-Received: by 10.224.38.130 with SMTP id b2mr14326799qae.11.1413568152351; Fri, 17 Oct 2014 10:49:12 -0700 (PDT) Received: from [10.0.1.5] (c-50-191-8-122.hsd1.pa.comcast.net. [50.191.8.122]) by mx.google.com with ESMTPSA id 46sm1400372qgf.21.2014.10.17.10.49.11 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 17 Oct 2014 10:49:11 -0700 (PDT) From: Matthew Hughes Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-Id: Date: Fri, 17 Oct 2014 13:49:10 -0400 To: users@httpd.apache.org Mime-Version: 1.0 (Mac OS X Mail 8.0 \(1990.1\)) X-Mailer: Apple Mail (2.1990.1) X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] mod_ssl, poodle and SSLv2Hello Many SSL clients, notably JDK 6, use the SSLv2Hello protocol to = handshake with the server. Using this protocol does *not* mean you are = using SSL 2.0 or 3.0 for that matter; it is merely a handshake to = determine *which* protocol to use. = [http://tools.ietf.org/html/rfc5246#appendix-E.2] However, in Apache, if you disable SSLv3 support, this apparently = removes support for the SSLv2Hello protocol. Apache Tomcat has explicit = support for SSLv2Hello; that is, you can enable that, but not enable = SSLv3. =20 Is there any way to do this in Apache? =20= --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org