tomcat-users mailing list archives

From Coty Sutherland <csuth...@redhat.com>
Subject Re: More, Re: Question about vulnerability report
Date Mon, 08 Aug 2016 16:59:35 GMT
> Except for one. It seems that whoever is doing the customer's security audit is concerned
> with POODLE vulnerability.

To mitigate POODLE you must disable SSLv3 and only use TLS. Please
visit the wiki page for more info:
https://wiki.apache.org/tomcat/Security/POODLE

On Mon, Aug 8, 2016 at 12:35 PM, James H. H. Lampert
<jamesl@touchtonecorp.com> wrote:
> On 7/27/16, 11:59 AM, Mark Thomas wrote:
>
>> ciphers="SSL_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA"
>
>
> Ladies and Gentlemen:
>
> Thanks, Mark; that raises the SSLLabs rating from "F" to "C," and seems to
> have dealt with most of the concerns raised by the customer.
>
> Except for one. It seems that whoever is doing the customer's security audit
> is concerned with POODLE vulnerability.
>
> Can this be dealt with in Tomcat 7 under Java 6? If so, how?
>
> --
> JHHL
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
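
Added example, not part of the original message or of the Tomcat project: a small check that reads a server.xml and reports, for each TLS-enabled Connector, whether SSLv3 is still allowed. It assumes JSSE-style connectors configured through the `sslEnabledProtocols` attribute, which the thread does not mention; the sample file, its ports and the helper name `audit_connectors` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the thread). The ciphers value is the
# one quoted in the thread; ports and protocol lists are made up.
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="SSL_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA"/>
    <Connector port="8444" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="SSLv3,TLSv1"/>
    <Connector port="8445" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1"/>
  </Service>
</Server>
"""


def audit_connectors(server_xml):
    """Return {port: finding} for every TLS-enabled <Connector>.

    Assumption: protocols are set with the JSSE attribute sslEnabledProtocols.
    """
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, POODLE does not apply
        port = conn.get("port", "?")
        raw = conn.get("sslEnabledProtocols") or ""
        protocols = {p.strip().lower() for p in raw.split(",") if p.strip()}
        if not protocols:
            findings[port] = "unset"  # protocol set left to Tomcat/JVM defaults
        elif "sslv3" in protocols:
            findings[port] = "sslv3-enabled"  # POODLE mitigation not in place
        else:
            findings[port] = "no-sslv3"  # explicit list without SSLv3
    return findings


if __name__ == "__main__":
    for port, finding in sorted(audit_connectors(SAMPLE_SERVER_XML).items()):
        print(port, finding)
```

A connector reported as "unset" needs a follow-up check of what the installed Tomcat and JVM versions enable by default.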
