tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Unable to disable SSL in Tomcat 6 for poodle Vulnerability!
Date Thu, 13 Nov 2014 14:37:37 GMT

Utkarsh,

On 11/12/14 5:43 AM, Utkarsh Dave wrote:
> Ignoring the option to upgrade to Tomcat 7, I tried to configure
> server.xml in several different ways, but yet SSL protocol was
> enabled. I see below update on Tomcat site (
> http://ci.apache.org/projects/tomcat/tomcat6/docs/changelog.html )
> about POODLE fixes. Disable SSLv3 by default for the APR/native
> HTTPS connector. Disable SSLv3 by default (along with SSLv2 which
> was already disabled by default) in light of the recently
> announced POODLE vulnerability. Are these being worked upon? Can you
> please tell me

Not only have they been worked upon, but they have been committed to
the source repository.

There has been a vote on 6.0.42 and the vote failed because of markt's
discovery that sslEnabledProtocols wasn't working for the NIO
connector. If you are not using the NIO connector and you don't need
binaries, you can pull the 6.0.42 "non-release" from this subversion tag:

http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_42/

I believe the sslEnabledProtocols for the NIO connector was the only
problem identified with that release.

-chris