tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: avoiding ssl vulnerabilities in tomcat
Date Tue, 04 Aug 2009 09:12:37 GMT
sunil chandran wrote:
> there are some vulnerability existing on my server:
>  
> SSL Server Allows Cleartext Communication Vulnerability 

<snip/>

> Can someone help me identify the place in server.xml file to avoid these vulnerabilties.

You didn't say which Tomcat version so I am going to assume 6.0.20.
Neither did you say which connector you are using. I am going to assume
the default Java blocking IO connector.

The info you require is in the docs. Take a look at the SSL section of
this page:
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

Mark



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message