tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tomcat 8 HTTPS issue with old browser
Date Tue, 04 Oct 2016 15:20:16 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dave,

On 10/4/16 3:38 AM, Garratt, Dave wrote:
> I have Apache Tomcat 8 working ok with https when I connect to my
> web page using a recent browser (desktop) or iPhone for example.
> However this specific application is designed to run on a Motorola
> MC9090 hand held wireless barcode scanner running a relatively old
> version of Windows Mobile. The browser on that device can only load
> the HTTP page and not the HTTPS page, giving a unable to open page
> message. Speaking to a “expert” on these scanners the consensus of
> opinion is that the type of encryption used by Apache Tomcat 8 is
> more up to date than the mobile devices browser can support. As it
> does not appear likely that the mobile devices are going to be
> updated any time soon I was wondering if its possible to force
> Tomcat to accept deprecated protocols rather than be forced to
> revert to plain HTTP.
> 
> Any ideas or ideally an example of how this might look in a config 
> file would be most appreciated.

The user manual for the MC9090 doesn't say what support that model has
for SSL or TLS. It does mention both SSL and TLS, which is a good sign.

But it might not support certain versions e.g. TLSv1.1 or TLSv1.2. It
might also require the use of an "SSLv2 Hello" handshake which uses
the SSLv2 protocol only for the handshake but won't negotiate SSLv2
for example.

If your server and client cannot agree on a protocol, you won't be
able to communicate. Can you reconfigure the mobile device to use a
different URL? If so, you might be able to set up a web server that is
very locked-down and expected to only be used by that particular
device. If that device can only make insecure web requests, you might
want to decide if you should really still be using it for anything
that requires actual security.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX88iwAAoJEBzwKT+lPKRYYmQP/A827s+M9eS74SR5vvchDHEp
dlcMIg06G31rkgQjbYl8Zuwx3q8q8/MZwo9gg5bjDBL5+sdQ0aepB804X26907fY
XmYOF+l+XW/9m7D/CZxrvkky6AqBe16VHDpvzSV2i3hisHDJdb9LoAPPMXNSg/Wl
f3o9mUQyqP3SixomI4C5eiK1y4kkt1g36bfo+fTWzXEHdQ+CNQZTrXCRBEBKYhcB
jXu8YoM6pCVm/625ro3gi9P+MQwxrb2kMIWI5m2AClVLJZKa8PtG5rASNtaINb8J
IHnhRceOOTAbtCedmYC5YiM6oxweU3yCv2o6hD2pBrpHZ/VG1R0TmGyPcBHhq72S
qMwKAPdg2v+saunIwJg7FZ8RLnos24iY4/7NK3CoQriNC5rdIFrIp6OhH6gdW02H
j6SFdrNHk8lgEhlvV7kWNRBT/lzyD7AVyRjWPGuQcRqEPhHO1ZAQb5DVVAnyjiLB
D/rcmW+hIn57ihkw08hopJ4BcXlULzswsM+lT396u3Uy0M9uW6ln2RYIx00VpqEo
GLT5B3jb/H2rDrwgFI3nhvxJHcWHtd8XvV007AfA264v/dVaSh9rat7fEB965HLY
ULQ8pM28qMZrWioCv8DsxVkzhQE8Nmj9LifcLArmdtNbEHXY4tMr8+O2TexfUWNh
leDCI7B30HQEI7LSeVAF
=ObJT
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message