tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 51477] Support all protocol combinations in SSLProtocol of APR Connector
Date Thu, 07 Jul 2011 16:00:45 GMT

--- Comment #11 from Marvin Addison <> 2011-07-07 16:00:45 UTC
I tested the patch and verified that SSLv3+TLSv1 works as expected, allowing
SSLv3 and TLSv1, but denying SSLv2 connections.  However, the setting
SSLv2+TLSv1 only allows TLSv1 connections:

$ openssl s_client -connect -tls1
SSL handshake has read 6158 bytes and written 293 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
    Protocol  : TLSv1
$ openssl s_client -connect -ssl2
25335:error:140A90C4:SSL routines:SSL_CTX_new:null ssl method
$ openssl s_client -connect -ssl3
25338:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
failure:s3_pkt.c:1102:SSL alert number 40
25338:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message