Posted to dev@tomcat.apache.org by bu...@apache.org on 2022/04/08 10:01:00 UTC

[Bug 65998] New: TLS1.0 and weak cipher detected after upgrade to Apache Tomcat 9.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65998

            Bug ID: 65998
           Summary: TLS1.0 and weak cipher detected after upgrade to
                    Apache Tomcat 9.
           Product: Tomcat 9
           Version: 9.0.59
          Hardware: PC
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: thinagaran.krishnasamy@cgi.com
  Target Milestone: -----

Hi,

We did a recent upgrade from Tomcat 8 to Tomcat 9. Upon our upgrade, we did a
Nessus scan and found TLS1.0 is enabled. However, I can't seem to find which
place configures this TLS. As far as I checked in Server.XML, we've added
sslEnabledProtocols="TLSv1.2". In our scan, it says the port using TLS1.0 is
56418. Netstat shows tomcat9 is using this port. However, I can't seem to find
where exactly this port is configured.

-----------------------------------------------------------------------------
netstat -aon | findstr 56418
  TCP    0.0.0.0:56418          0.0.0.0:0              LISTENING       17756
  TCP    [::]:56418             [::]:0                 LISTENING       17756

tasklist | findstr 17756
Tomcat9.exe                  17756 Services                   0    249,044 K
-----------------------------------------------------------------------------

Could you please advise ?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


[Bug 65998] TLS1.0 and weak cipher detected after upgrade to Apache Tomcat 9.

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65998

Michael Osipov <mi...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All

--- Comment #1 from Michael Osipov <mi...@apache.org> ---
netstat doesn't show anything but a listening socket. Provide valuable
information.



[Bug 65998] TLS1.0 and weak cipher detected after upgrade to Apache Tomcat 9.

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65998

Rainer Jung <ra...@kippdata.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID



[Bug 65998] TLS1.0 and weak cipher detected after upgrade to Apache Tomcat 9.

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65998

--- Comment #2 from Rainer Jung <ra...@kippdata.de> ---
Tomcat does not listen on that port by default. Maybe an application deployed in
your Tomcat opens a listener by itself. Or the JVM due to JVM flags or agents
you loaded, like e.g. access for JMX or similar.

Maybe you can find the listening thread in a thread dump of the running JVM
process.



[Bug 65998] TLS1.0 and weak cipher detected after upgrade to Apache Tomcat 9.

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65998

--- Comment #3 from Rainer Jung <ra...@kippdata.de> ---
Please contact the Tomcat users mailing list for further advice and help to
find the root cause. Since there is no indication of a Tomcat problem here, I
am closing this issue for now.
