tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: SSL/TLS, Tomcat 6.0.29 and Chrome: The connection had to be retried using SSL 3.0.
Date Fri, 15 Oct 2010 17:14:20 GMT
On 15/10/2010 17:58, Robert La Ferla wrote:
>  When users connect to our Tomcat 6.0.29 using Google Chrome, they get
> this warning when they click the security icon:
> 
> "The connection had to be retried using SSL 3.0.  This typically means
> that the server is using very old software and may have other security
> issues."
> 
> Tomcat is configured using this:
> 
> <Connector port="xxx" address="xxxx" protocol="HTTP/1.1" SSLEnabled="true"
>                maxThreads="100" scheme="https" secure="true"
> enableLooks="false" compression="on"
>                keystoreFile="xxxx/certificate.keystore" keystorePass="xxxx"
>                clientAuth="false" sslProtocol="TLS" />
> 
> I believe we are using  OpenSSL 0.9.8f on Solaris 10.  Not sure how to
> tell which SSL library tomcat is using.

Those two statements are not consistent. Your connector config is for
JSSE, not OpenSSL.

Tomcat uses TLS by default[1]. See [2] for other options for sslProtocol

Mark
[1] http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#SSL_Support
[2] http://download.oracle.com/javase/6/docs/api/index.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message