Posted to dev@tomcat.apache.org by bu...@apache.org on 2022/04/08 10:01:00 UTC
[Bug 65998] New: TLS1.0 and weak cipher detected after upgrade to Apache Tomcat 9.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65998
Bug ID: 65998
Summary: TLS1.0 and weak cipher detected after upgrade to
Apache Tomcat 9.
Product: Tomcat 9
Version: 9.0.59
Hardware: PC
Status: NEW
Severity: critical
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: thinagaran.krishnasamy@cgi.com
Target Milestone: -----
Hi,
We did a recent upgrade from Tomcat 8 to Tomcat 9. Upon our upgrade, we did a
Nessus scan and found TLS1.0 is enabled. However, I can't seem to find which
place configures this TLS. As far as I checked in Server.XML, we've added
sslEnabledProtocols="TLSv1.2". In our scan, it says the port using TLS1.0 is
56418. Netstat shows tomcat9 is using this port. However, I can't seem to find
where exactly this port is configured.
-----------------------------------------------------------------------------
netstat -aon | findstr 56418
TCP 0.0.0.0:56418 0.0.0.0:0 LISTENING 17756
TCP [::]:56418 [::]:0 LISTENING 17756
tasklist | findstr 17756
Tomcat9.exe 17756 Services 0 249,044 K
-----------------------------------------------------------------------------
Could you please advise?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 65998] TLS1.0 and weak cipher detected after upgrade to Apache Tomcat 9.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65998
Michael Osipov <mi...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |All
--- Comment #1 from Michael Osipov <mi...@apache.org> ---
netstat doesn't show anything but a listening socket. Provide valuable
information.
[Bug 65998] TLS1.0 and weak cipher detected after upgrade to Apache Tomcat 9.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65998
Rainer Jung <ra...@kippdata.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
[Bug 65998] TLS1.0 and weak cipher detected after upgrade to Apache Tomcat 9.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65998
--- Comment #2 from Rainer Jung <ra...@kippdata.de> ---
Tomcat does not listen on that port by default. Maybe an application deployed in
your Tomcat opens a listener by itself. Or the JVM due to JVM flags or agents
you loaded, like e.g. access for JMX or similar.
Maybe you can find the listening thread in a thread dump of the running JVM
process.
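The check implied by Comment #2, as an added example that is not part of the thread or of Tomcat: cross-reference the ports declared in server.xml against the ports the Tomcat PID actually listens on. The server.xml fragment and the 8080/8443 netstat lines are constructed; only port 56418, PID 17756 and sslEnabledProtocols="TLSv1.2" come from the report.

```python
import re
import xml.etree.ElementTree as ET

# Constructed server.xml fragment (not the reporter's file); only the
# sslEnabledProtocols="TLSv1.2" attribute is taken from the report.
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" SSLEnabled="true" sslEnabledProtocols="TLSv1.2"/>
  </Service>
</Server>"""

# netstat -aon lines for the Tomcat PID; the 56418 lines are from the report,
# the 8080/8443 lines are constructed.
NETSTAT = """\
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 17756
TCP 0.0.0.0:8443 0.0.0.0:0 LISTENING 17756
TCP 0.0.0.0:56418 0.0.0.0:0 LISTENING 17756
TCP [::]:56418 [::]:0 LISTENING 17756
"""

def configured_ports(server_xml):
    """Map each port declared in server.xml to its TLS protocol setting."""
    root = ET.fromstring(server_xml)
    ports = {}
    if root.get("port", "-1") != "-1":  # shutdown listener, plain text
        ports[int(root.get("port"))] = "shutdown port (no TLS)"
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            ports[int(conn.get("port"))] = "no TLS"
            continue
        # Tomcat 9 accepts the legacy connector attribute or SSLHostConfig.
        protos = [conn.get("sslEnabledProtocols")]
        protos += [h.get("protocols") for h in conn.iter("SSLHostConfig")]
        ports[int(conn.get("port"))] = ",".join(p for p in protos if p) or "implementation default"
    return ports

def listening_ports(netstat_text, pid):
    """Return the set of TCP ports a given PID has in LISTENING state."""
    pat = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$", re.M)
    return {int(port) for port, owner in pat.findall(netstat_text) if int(owner) == pid}

def unexplained_listeners(server_xml, netstat_text, pid):
    """Ports the process listens on that no server.xml element declares."""
    return sorted(listening_ports(netstat_text, pid) - set(configured_ports(server_xml)))

if __name__ == "__main__":
    print("declared:", configured_ports(SERVER_XML))
    print("not in server.xml:", unexplained_listeners(SERVER_XML, NETSTAT, 17756))
```

A port reported as not in server.xml is owned by something other than a Connector, so the Connector's sslEnabledProtocols setting does not govern its TLS configuration.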
[Bug 65998] TLS1.0 and weak cipher detected after upgrade to Apache Tomcat 9.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65998
--- Comment #3 from Rainer Jung <ra...@kippdata.de> ---
Please contact the Tomcat users mailing list for further advice and help to
find the root cause. Since there is no indication of a Tomcat problem here, I
am closing this issue for now.