On 15/10/2010 17:58, Robert La Ferla wrote:
> When users connect to our Tomcat 6.0.29 using Google Chrome, they get
> this warning when they click the security icon:
>
> "The connection had to be retried using SSL 3.0. This typically means
> that the server is using very old software and may have other security
> issues."
>
> Tomcat is configured using this:
>
> <Connector port="xxx" address="xxxx" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="100" scheme="https" secure="true"
> enableLooks="false" compression="on"
> keystoreFile="xxxx/certificate.keystore" keystorePass="xxxx"
> clientAuth="false" sslProtocol="TLS" />
>
> I believe we are using OpenSSL 0.9.8f on Solaris 10. Not sure how to
> tell which SSL library tomcat is using.
Those two statements are not consistent. Your connector config is for
JSSE, not OpenSSL.
Tomcat uses TLS by default[1]. See [2] for other options for sslProtocol
Mark
[1] http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#SSL_Support
[2] http://download.oracle.com/javase/6/docs/api/index.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|