tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51477] Support all protocol combinations in SSLProtocol of APR Connector
Date Thu, 07 Jul 2011 16:00:45 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51477

--- Comment #11 from Marvin Addison <marvin.addison@gmail.com> 2011-07-07 16:00:45 UTC ---
I tested the patch and verified that SSLv3+TLSv1 works as expected, allowing
SSLv3 and TLSv1, but denying SSLv2 connections.  However, the setting
SSLv2+TLSv1 only allows TLSv1 connections:

$ openssl s_client -connect eiger.middleware.vt.edu:443 -tls1
CONNECTED(00000003)
...
SSL handshake has read 6158 bytes and written 293 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : TLSv1
$ openssl s_client -connect eiger.middleware.vt.edu:443 -ssl2
25335:error:140A90C4:SSL routines:SSL_CTX_new:null ssl method passed:ssl_lib.c:1453:
$ openssl s_client -connect eiger.middleware.vt.edu:443 -ssl3
CONNECTED(00000003)
25338:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1102:SSL alert number 40
25338:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:539:

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
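
Added example, not part of the original message or of Tomcat: a small shell classifier for `openssl s_client` output that separates a handshake the server refused (a `CONNECTED` line followed by an alert) from a failure inside the client's own `SSL_CTX_new` before any connection is made, which says nothing about the server's configuration. The verdict names are this example's own, and the sample inputs are the three outputs from the message above with mail line wrapping undone and the elided parts left out.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output read from stdin.
# Verdict strings are this example's own naming, not OpenSSL's.
classify_s_client() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q '^CONNECTED('; then
        # TCP connect succeeded, so a failure from here on is a handshake result.
        if printf '%s\n' "$out" | grep -Eq 'alert handshake failure|alert protocol version'; then
            echo "server-rejected"
            return 0
        fi
        # Check the negotiated protocol only after ruling out an alert.
        proto=$(printf '%s\n' "$out" |
            sed -n 's/^ *Protocol *: *\([A-Za-z0-9.]*\).*/\1/p' | head -n 1)
        if [ -n "$proto" ]; then echo "accepted:$proto"; else echo "unknown"; fi
        return 0
    fi
    # No CONNECTED line: nothing was ever sent to the server.
    if printf '%s\n' "$out" | grep -q 'SSL_CTX_new:null ssl method passed'; then
        echo "client-unsupported"   # local OpenSSL has no method for this protocol
    else
        echo "no-connection"
    fi
}

# Sample outputs taken from the message above (wrapping undone, "..." parts omitted).
SAMPLE_TLS1='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
SSL-Session:
    Protocol  : TLSv1'
SAMPLE_SSL2='25335:error:140A90C4:SSL routines:SSL_CTX_new:null ssl method passed:ssl_lib.c:1453:'
SAMPLE_SSL3='CONNECTED(00000003)
25338:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1102:SSL alert number 40
25338:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:539:'

printf -- '-tls1 -> %s\n' "$(printf '%s\n' "$SAMPLE_TLS1" | classify_s_client)"
printf -- '-ssl2 -> %s\n' "$(printf '%s\n' "$SAMPLE_SSL2" | classify_s_client)"
printf -- '-ssl3 -> %s\n' "$(printf '%s\n' "$SAMPLE_SSL3" | classify_s_client)"
```

A `client-unsupported` verdict means the probe has to be repeated from a client whose OpenSSL build can speak that protocol before drawing a conclusion about the connector.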

