tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Chrome reports Tomcat hosted sites as using 'obsolete cryptography'
Date Thu, 26 Mar 2015 20:23:48 GMT
On 26/03/2015 17:30, Egor Philippov wrote:
> Anyone familiar with the warning or know
> whether it represents a real security problem?

That depends on your definition of 'real'. I'm not aware of any viable
attacks but general opinion is that now is the time to take action.

Check your server certificate. The most likely explanation is that it
has a SHA-1 signature. Your CA should be able to provide you with a
replacement with a more secure signature. I know the CAs the ASF uses
have been offering this for 6 months or more.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message