tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 53344] New: Cannot use SSLv3+TLSv1 in Http11AprProtocol
Date Fri, 01 Jun 2012 11:34:09 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53344

          Priority: P2
            Bug ID: 53344
          Assignee: dev@tomcat.apache.org
           Summary: Cannot use SSLv3+TLSv1 in Http11AprProtocol
          Severity: major
    Classification: Unclassified
                OS: All
          Reporter: 1983-01-06@gmx.net
          Hardware: All
            Status: NEW
           Version: 6.0.35
         Component: Connectors
           Product: Tomcat 6

The SSLProtocol parameter does not allow the combination of SSLv3+TLSv1 which
is actually highly preferred. The underlying libtcnative supports that (since
1.1.21: Support arbitrary protocol combinations of SSLv2, SSLv3 and TLSv1.
(rjung)) though. APR supports that anyway.

Please add support to use both of them. I have created a patch to make that
work. Documentation has to be adapted accordingly.
A sslcan on the Tomcat servers shows full support from APR and OpenSSL:

$ sslscan <host>:18443 | grep Accepted
    Accepted  SSLv3  256 bits  DHE-RSA-AES256-SHA
    Accepted  SSLv3  256 bits  ADH-AES256-SHA
    Accepted  SSLv3  256 bits  AES256-SHA
    Accepted  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  SSLv3  168 bits  ADH-DES-CBC3-SHA
    Accepted  SSLv3  168 bits  DES-CBC3-SHA
    Accepted  SSLv3  128 bits  DHE-RSA-AES128-SHA
    Accepted  SSLv3  128 bits  ADH-AES128-SHA
    Accepted  SSLv3  128 bits  AES128-SHA
    Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  ADH-AES256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  ADH-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  ADH-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message