tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: avoiding ssl vulnerabilities in tomcat
Date Tue, 04 Aug 2009 09:12:37 GMT
sunil chandran wrote:
> there are some vulnerability existing on my server:
> SSL Server Allows Cleartext Communication Vulnerability 


> Can someone help me identify the place in server.xml file to avoid these vulnerabilties.

You didn't say which Tomcat version so I am going to assume 6.0.20.
Neither did you say which connector you are using. I am going to assume
the default Java blocking IO connector.

The info you require is in the docs. Take a look at the SSL section of
this page:


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message