tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Can we Enable SSL protocol in Tomcat 7.0.57 ?
Date Wed, 07 Jan 2015 18:47:34 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Utkarsh,

On 1/7/15 1:57 AM, Utkarsh Dave wrote:
> Thanks for the response. So would the desired changes in server.xml
> will be sslEnabledProtocols="SSL,TLS"

I think you want sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv3".
You might optionally want to enable SSLv2Hello as well if it doesn't
get done for you, and your clients require it.

- -chris

> On Tue, Jan 6, 2015 at 1:47 PM, Mark Thomas <markt@apache.org>
> wrote:
> 
>> On 06/01/2015 07:46, Utkarsh Dave wrote:
>>> Hi Team,
>>> 
>>> My project is planning to upgrade to Tomcat 7.0.57 that has the
>>> fix for POODLE vulnerability and have the SSL protocol disable
>>> by default. We were up till now using the manual configuration
>>> change in server.xml
>> in
>>> order to disable use of SSL.
>>> 
>>> My questions is that after upgrading to Tomcat 7.0.57, is there
>>> any
>> similar
>>> configuraion change available, through which we can re enable
>>> SSL
>> protocols
>>> again.
>> 
>> Yes. The only change in 7.0.57 is to the defaults. The
>> configuration attributes for SSL/TLS protocols that you used to
>> exclude SSL can now be used to restore SSL support if required.
>> 
>> Mark
>> 
>> 
>> ---------------------------------------------------------------------
>>
>> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>> 
>> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJUrX9FAAoJEBzwKT+lPKRYd+gP/RfHxz/QfFqanlFnJmwEmJQw
LpC0jlOSw0IgsWaI2eC9Kkcun0+bRF2gw5v++5MOgyeXPfJf1VX/atuJycKsQM7c
x3r9zM1tJijYNmQq7MGjs/4OITLs/LFPfzmKZ2L3p3Azek/4vg2ccSXRnquebOP3
f1FZkpSgK7Okbg6neE+qEsZWqrugaHv2gqmmpuRqEsCg/OiN3ARnxRDz/btv56M0
QgZuO4zNF4lH2am2NDQuRFrM8KJVWziblBcXVKId5nbuROWFRuUaKYuEZP+uV4ni
dxZmy7Uf9bnZ3OVdIFQ6zV/L1K/Edz7BpvTg6BH7o3bEhIU8i45XfiAldr7Ofi+q
K75s+CKjYyNTMKbHQfLd7kU4X9xX1p8aK9iXmoMmBVzrOtcwmJzxPWoGsedEKysh
E+vFQtIwlQ8NlmsEloqTxp+H2PDs84/zOOaPfAn5GzXulN5zJFMqYFrUOF5VkJDA
U8tbvhp088wgKFQ+Byiowmr65gbWhuSYZ66VypbBUoMbZ+UI48wd8sTnpF7QGO2c
UMd4/yzG0vofC0o1xvRvHKDvGOTYRlhnXzDpsCVfQm/GB0Tyou+AHcxXh2rBcjTm
i3uzQ1ogMVQ7zaenf/hyz2ewItF7fHqsEwISDJgZWNDFJce24ke5++//r08gNltv
2al97qrgBwLWHzsQ84wA
=P4QG
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message