tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert La Ferla <robert.lafe...@o-ms.com>
Subject SSL/TLS, Tomcat 6.0.29 and Chrome: The connection had to be retried using SSL 3.0.
Date Fri, 15 Oct 2010 16:58:53 GMT
  When users connect to our Tomcat 6.0.29 using Google Chrome, they get 
this warning when they click the security icon:

"The connection had to be retried using SSL 3.0.  This typically means 
that the server is using very old software and may have other security 
issues."

Tomcat is configured using this:

<Connector port="xxx" address="xxxx" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="100" scheme="https" secure="true" 
enableLooks="false" compression="on"
                keystoreFile="xxxx/certificate.keystore" keystorePass="xxxx"
                clientAuth="false" sslProtocol="TLS" />

I believe we are using  OpenSSL 0.9.8f on Solaris 10.  Not sure how to 
tell which SSL library tomcat is using.

How do I fix this?  We have to support multiple browser/versions: IE6, 
IE7, IE8, FF, Chrome...  so whatever solution should allow for this.


-- 
- --
Robert La Ferla
VP Engineering
OMS SafeHarbor

This message (and any attachments) contains confidential information and is protected by law.
 If you are not the intended recipient, you should delete this message and are hereby notified
that any disclosure, copying, distribution, or the taking of any action based on this message,
is strictly prohibited.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message