tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51056] New: Disable / drop support for SSLv2
Date Wed, 13 Apr 2011 18:12:30 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51056

           Summary: Disable / drop support for SSLv2
           Product: Tomcat Native
           Version: 1.1.20
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Library
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: drazzib@drazzib.com


Hi,

SSL 2.0 support got removed from many Debian GNU/Linux (and many others linux
distro) and SSL 2.0 is disabled by default in Internet Explorer 7, Mozilla
Firefox 3, Opera and Safari.

It's use has been deprecated, because of weaknesses in the security of the
protocol. For exemple, http://www.openssl.org/news/secadv_20051011.txt

I propose to simply drop any support for SSLv2 in Tomcat Native lib with the
attached patch.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message