From: sunil chandran
To: users@tomcat.apache.org
Subject: avoiding ssl vulnerabilities in tomcat
Date: Tue, 4 Aug 2009 12:39:23 +0530 (IST)
Message-ID: <845387.55638.qm@web94903.mail.in2.yahoo.com>

Hello all,

There are some vulnerabilities existing on my server:

SSL Server Allows Cleartext Communication Vulnerability

The solution provided by the team was:

SOLUTION:
Disable support for anonymous authentication.

SOLUTION:
Disable ciphers which support cleartext communication.

These vulnerabilities still exist on my server, as the modifications done on the configuration file ssl.conf were meant for the httpd service, which is not being used on my server.
Ports 443 & 8443, where the vulnerabilities were detected, are used by the Tomcat service running on my server.

Can someone help me identify the place in the server.xml file to avoid these vulnerabilities?

regards
Sunil C
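
For a JSSE-based Tomcat HTTPS connector, the allowed cipher suites are set in the `ciphers` attribute of the `<Connector>` element in server.xml. The following is an added example, not part of the original message: a Python check over a constructed server.xml that flags anonymous and NULL (cleartext) suites on the SSL connectors. The sample file, the Tomcat 6-style `SSLEnabled` attribute and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment (not from the original message): HTTPS
# connectors on the two ports named in the post, one listing weak suites.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" sslProtocol="TLS"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,
                        SSL_RSA_WITH_NULL_SHA,
                        TLS_DH_anon_WITH_AES_128_CBC_SHA"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" sslProtocol="TLS"/>
  </Service>
</Server>
"""

UNRESTRICTED = "no ciphers attribute: suite list is not restricted in server.xml"

def classify(suite):
    """Return why a JSSE cipher suite name is unacceptable, or None if it passes."""
    name = suite.upper()
    if "_ANON_" in name:
        return "anonymous key exchange (no server authentication)"
    if "_WITH_NULL_" in name:
        return "NULL encryption (cleartext)"
    return None

def audit(server_xml):
    """Map each SSL connector's port to a list of findings (empty list = clean)."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        is_ssl = (conn.get("SSLEnabled", "").lower() == "true"
                  or conn.get("scheme", "").lower() == "https")
        if not is_ssl:
            continue
        ciphers = conn.get("ciphers")
        if ciphers is None:
            issues = [UNRESTRICTED]
        else:
            suites = [s.strip() for s in ciphers.split(",") if s.strip()]
            issues = [f"{s}: {classify(s)}" for s in suites if classify(s)]
        findings[conn.get("port")] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit(SAMPLE_SERVER_XML).items():
        print(port, issues or "OK")
```

Removing the flagged names from `ciphers`, or adding an explicit list where the attribute is missing, and then restarting Tomcat is what the scanner's two SOLUTION items amount to for this connector type.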