tomcat-users mailing list archives

From sunil chandran <sunilonweb2...@yahoo.co.in>
Subject avoiding ssl vulnerabilities in tomcat
Date Tue, 04 Aug 2009 07:09:23 GMT
Hello all,
 
There are some vulnerabilities existing on my server:
 
SSL Server Allows Cleartext Communication Vulnerability 
 
The solution provided by the team was:
 
SOLUTION: 
Disable support for anonymous authentication.
 
SOLUTION: 
Disable ciphers which support cleartext communication.
 
These vulnerabilities still exist on my server, as the modifications done on the configuration
file ssl.conf were meant for the httpd service, which is not being used on my server.
Ports 443 & 8443 where the vulnerabilities were detected are used by the Tomcat service
running on my server.
 
Can someone help me identify the place in the server.xml file to avoid these vulnerabilities?
 
regards
Sunil C
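
An added example, not part of the original message or of Tomcat's own code: a Python check that reads the `ciphers` attribute of each HTTPS `<Connector>` in server.xml and flags suites matching the two findings quoted above (NULL encryption and anonymous key exchange). It assumes JSSE-style suite names in that attribute; the sample server.xml and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the poster's file): HTTPS connectors on the two
# ports named in the message, one of them listing weak suites.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_NULL_SHA,
                        SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"/>
  </Service>
</Server>"""


def classify(suite):
    """Return the scanner findings that a JSSE suite name maps to."""
    parts = suite.upper().split("_")
    findings = []
    if "NULL" in parts:   # ..._WITH_NULL_...: no encryption (cleartext)
        findings.append("cleartext")
    if "ANON" in parts:   # ..._DH_anon_...: no server authentication
        findings.append("anonymous")
    return findings


def audit_connectors(server_xml):
    """Map each HTTPS connector port to its cipher-list findings."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        is_tls = (conn.get("SSLEnabled", "").lower() == "true"
                  or conn.get("scheme") == "https")
        if not is_tls:
            continue
        ciphers = conn.get("ciphers")
        weak = {}
        for suite in (ciphers or "").split(","):
            suite = suite.strip()
            if suite and classify(suite):
                weak[suite] = classify(suite)
        # explicit_list=False: no ciphers attribute, so nothing is excluded here
        report[int(conn.get("port"))] = {"explicit_list": ciphers is not None,
                                         "weak": weak}
    return report


if __name__ == "__main__":
    for port, result in sorted(audit_connectors(SAMPLE_SERVER_XML).items()):
        print(port, result)
```

A connector reported with `explicit_list` set to `False` has no cipher restriction in server.xml at all, so the scanner's findings on that port cannot have been addressed there.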