tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Coty Sutherland <csuth...@apache.org>
Subject Re: SSLv2Hello "Protocol" Support
Date Wed, 17 Apr 2019 18:37:30 GMT
On Wed, Apr 17, 2019 at 2:18 PM Christopher Schultz <
chris@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Coty,
>
> On 4/16/19 07:28, Coty Sutherland wrote:
> > Hi,
> >
> > It appears that the IBM JDK (version 8) has dropped support for
> > SSLv2Hello so when you startup tomcat with the IBM JDK you get a
> > warning saying that the protocol is being skipped. OpenJDK seems to
> > have dropped it in version 12 or 13 (I haven't tested, just noticed
> > a user list thread about it) so I guess we should look at dropping
> > support for SSLv2Hello whenever Tomcat's minimum JDK is one of
> > those versions? Is there a document somewhere I can add this too so
> > it doesn't get forgotten?
>
> How many / how often are these error messages generated? Just when the
> server starts? Or with every connection?
>

Yeah, just the Connector startup warning.


>
> If you get a warning on startup, I'd say that's not a big deal. It
> would be a much bigger deal to kill a user's server for clients who
> must use SSLv2Hello handshakes (which are hopefully dwindling to zero
> ... about 5 years ago).
>
> I think handling questions about how to get rid of a warning would be
> better than handling questions about how to get servers back up and
> running.
>

:) True. I just wanted to point out that it was still lingering and mark it
for removal at some point since the JDKs are dropping support too.


>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly3bgQACgkQHPApP6U8
> pFhXMA/+IKU/gdhks6BJgGpM5CuPIqEFHOYqzomDnmGEcg9q51pLVGiy5Md58fLV
> 8vIyZpDftg04tt65S1DKWNY7mNg3LzegAEW0JyElXGSwMd9SQx38yFNlddqAlzCe
> Swjt1bFu7frCvaDE40BCsz7Enw0CdRTEm6daSyZI93CeLm0jKDn7cigGhPQr36jV
> 5oXmtvnC8hpes3ELsfh//WC4u2QCqZ76uCeVkbKXACDJI5nIjcoVofL/kotPWUcC
> /W2lNjxwJ5ACWM3yMUoAy12MpXv19nHZT5k+cbxgZJyKe47LBD2c6B5HbkYzHGac
> wNbuv/vjACDa48DhTSR6BtYlJexWooPmwvZoLJKilIx+UlQveg+cIg1LLkr/g1iZ
> 3ftBCxZK9g27s5CnD+VlB2CG4lZ+nSFFU3OUfOEVwgbkVhch6rJqWRTCgBpKC0jH
> LwB6bKz66vPe3uRqJ7JLBTYJn9UenvxUeASkRQmISa43jn/S60STTfDGeMTmopsU
> BsyLP3HZY3ktzdKOWhncMAzXq5vWVUMm6tw0/GAvOGhNTnGAcb7iwR8/RUfXTpLR
> D8yb01h4/bDgDLXdc0ZDV1uNJ6XKVoDdP52doHaiC/bEv9ElZkDiYB7MepiplVO0
> Ti52xTsebV6MPPW8ZP2HBN6bBT3ndm8uXItTCuiGw72apmdQdPQ=
> =PtbL
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message