tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aydın Toprak <aydin.top...@intengo.com>
Subject Tomcat, Security, Anonymous Authentication
Date Mon, 13 Feb 2006 09:27:08 GMT
Hi,

I have a question about the security issue that I have to cover of my 
server.

I have web service which runs on Tomcat 5.5 with SSL  ...
I have installed all the SSL system on the server and it works fine, 
however as a little advance subject,
I have to recover some security issues,...
 the first one is Disabling anonymous authentication ...
I actually dont know the exact meaning of it an how to fix it...
as far as foundfrom the web, I need to add some lines like

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite
ALL:!aNULL:!ADH:!ADH:!eNULL:!LOW:!EXP:RCA4+RSA:+HIGH:+MEDIUM

 to SOMEWHERE that I dont know and how...
according to web site that I have inspired :) , those lines should be 
added to Apache/mos_ssl, httpd.conf, or ssl.conf ...
but I dont have these files in tomcat directory...

what should I do ?

thank you...



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message