From: bugzilla@apache.org
To: dev@tomcat.apache.org
Subject: DO NOT REPLY [Bug 51477] Fix for 51073 Breaks SSLv3+TLSv1 Protocol Support in APR Connector
Date: Tue, 05 Jul 2011 18:19:26 +0000
X-Bugzilla-Product: Tomcat 7
X-Bugzilla-Component: Connectors
X-Bugzilla-Status: RESOLVED

https://issues.apache.org/bugzilla/show_bug.cgi?id=51477

--- Comment #5 from Marvin Addison 2011-07-05 18:19:26 UTC ---
"SSLv3+TLSv1" value just worked as a synonym to "all"

Appears this is correct based on my testing. Setting SSLProtocol="all" in both 7.0.8 and 7.0.16 produced exactly the same results: TLSv1 and SSLv3 are supported but not SSLv2. It appears that our SSLCipherSuite parameter is actually providing the desired behavior:

SSLCipherSuite="HIGH:MEDIUM:-SSLv2"

So we'll be able to preserve the desired functionality with SSLProtocol="all" in versions 7.0.16 and later.

I think there's merit in supporting other protocol combinations that make sense, if for no other reason than to maintain consistency with mod_ssl directives of the same name, which are eerily similar to APR connector attributes. (I've assumed that similarity is intentional.)
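
Added example, not part of the bug report or of Tomcat's code: a heuristic audit of a server.xml for the situation the comment describes, where SSLProtocol="all" leaves SSLv2 exclusion to the SSLCipherSuite string. The sample XML, function names and finding labels are constructed for illustration; the check assumes OpenSSL cipher-list semantics ("!" removes a group permanently, "-" removal can be undone by a later additive token) and treats a missing SSLProtocol attribute as "all".

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not taken from the bug report).
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" SSLProtocol="all"
             SSLCipherSuite="HIGH:MEDIUM:-SSLv2"/>
  <Connector port="8444" SSLEnabled="true" SSLProtocol="all"
             SSLCipherSuite="HIGH:-SSLv2:MEDIUM"/>
  <Connector port="8445" SSLEnabled="true" SSLProtocol="all"
             SSLCipherSuite="HIGH:MEDIUM"/>
  <Connector port="8446" SSLEnabled="true" SSLProtocol="TLSv1"
             SSLCipherSuite="HIGH:MEDIUM"/>
</Service></Server>"""


def sslv2_cipher_status(cipher_string):
    """Classify how an OpenSSL cipher string treats the SSLv2 group."""
    status = "not-excluded"
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        if not token:
            continue
        if token == "!SSLv2":
            return "excluded"  # "!" removal is permanent
        if token == "-SSLv2":
            status = "excluded"  # "-" removal can be undone later
        elif token[0] not in "-!+@" and status == "excluded":
            status = "possibly-re-added"  # additive token after "-SSLv2"
    return status


def audit(server_xml):
    """Map each SSL-enabled connector port to an SSLv2 finding."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        # Assumption: a missing SSLProtocol attribute is treated as "all".
        protocols = {p.strip().lower() for p in conn.get("SSLProtocol", "all").split("+")}
        if not protocols & {"all", "sslv2"}:
            findings[conn.get("port")] = "protocol-excludes-sslv2"
        else:
            findings[conn.get("port")] = sslv2_cipher_status(conn.get("SSLCipherSuite", ""))
    return findings


if __name__ == "__main__":
    for port, finding in audit(SAMPLE).items():
        print(port, finding)
```

The token-order case on port 8444 is the one a review is most likely to miss: the exclusion is present in the string, but an additive token follows it.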