Posted to users@tomcat.apache.org by Utkarsh Dave <ut...@gmail.com> on 2016/02/19 13:05:25 UTC

Enabling SSLv2 on Tomcat 7 !

I upgraded my Tomcat from 7.0.53 (which had SSL protocols enabled) to
7.0.67 (which has SSL protocols disabled by default).

To re-enable support for SSLv3 and SSLv2, I modified the server.xml inside
$TOMCAT_HOME/conf to replace sslProtocol="TLS" with
sslEnabledProtocols="SSLv2,SSLv3,TLSv1"

I can test the SSLv3 requests successfully now, but SSLv2 requests still
fail.
They were processed successfully before the upgrade of Tomcat.

I am using JDK 1.6 and the Red Hat platform and openssl version 0.9.8h.

Please let me know if I can enable SSLv2 on the newer Tomcat.

-Thanks
Utkarsh

Re: Enabling SSLv2 on Tomcat 7 !

Posted by Aurélien Terrestris <at...@gmail.com>.
Hello,

There are many reasons not to use SSLv2, and this is why JDK6 doesn't
support it. If you're really talking about SSLv2 and not SSLv2
Client-Hello, then you need to use the IBM JSSE implementation. But I am
unsure that you need this.


Best regards


2016-02-19 13:05 GMT+01:00 Utkarsh Dave <ut...@gmail.com>:

> I upgraded my Tomcat from 7.0.53 (which had SSL protocols enabled) to
> 7.0.67 (which has SSL protocols disabled by default).
>
> To re-enable support for SSLv3 and SSLv2, I modified the server.xml inside
> $TOMCAT_HOME/conf to replace sslProtocol="TLS" with
> sslEnabledProtocols="SSLv2,SSLv3,TLSv1"
>
> I can test the SSLv3 requests successfully now, but SSLv2 requests still
> fail.
> They were processed successfully before the upgrade of Tomcat.
>
> I am using JDK 1.6 and the Red Hat platform and openssl version 0.9.8h.
>
> Please let me know if I can enable SSLv2 on the newer Tomcat.
>
> -Thanks
> Utkarsh
>

Re: Enabling SSLv2 on Tomcat 7 !

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Utkarsh,

On 2/21/16 11:02 AM, Utkarsh Dave wrote:
> Thanks Chris for the response.
> Yes, I meant SSLv2Hello. I understand the vulnerabilities in SSL. Though
> some of the clients need that flexibility in older versions, so I was digging
> into the reason it was working in the prior version of Tomcat.
> Can you help me in identifying any change in Tomcat due to which the SSLv2Hello
> handshake started failing in newer versions of Tomcat?

Tomcat needs no other configuration than to specify SSLv2Hello as one of
the protocols to support.

-chris

> On Fri, Feb 19, 2016 at 8:56 PM, Christopher Schultz <
> chris@christopherschultz.net> wrote:
> 
> Utkarsh,
> 
> On 2/19/16 7:05 AM, Utkarsh Dave wrote:
>>>> I upgraded my Tomcat from 7.0.53 (which had SSL protocols
>>>> enabled) to 7.0.67 (which has SSL protocols disabled by default).
>>>>
>>>> To re-enable support for SSLv3 and SSLv2, I modified the server.xml
>>>> inside $TOMCAT_HOME/conf to replace sslProtocol="TLS" with
>>>> sslEnabledProtocols="SSLv2,SSLv3,TLSv1"
>>>>
>>>> I can test the SSLv3 requests successfully now, but SSLv2 requests
>>>> still fail. They were processed successfully before the
>>>> upgrade of Tomcat.
>>>>
>>>> I am using JDK 1.6 and the Red Hat platform and openssl version
>>>> 0.9.8h.
>>>>
>>>> Please let me know if I can enable SSLv2 on the newer Tomcat.
> 
> I think you mean "SSLv2Hello", not "SSLv2".
> 
> But please, just let SSL die.
> 
> -chris
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 
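
The distinction the replies draw between true SSLv2 and "SSLv2Hello" is visible in the first bytes a client sends. The following is an added example, not code from the thread or from Tomcat: a Python classifier for those bytes, useful for checking what legacy clients actually send before changing `sslEnabledProtocols`. The function names and the sample byte strings are constructed for illustration.

```python
# Wire versions (major, minor) shared by both hello formats.
VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def classify_client_hello(data: bytes) -> dict:
    """Return the record format and the highest version the client offers."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    # SSLv2-format record: 2-byte length with the high bit set,
    # msg_type 1 (CLIENT-HELLO), then the offered version.
    if data[0] & 0x80 and data[2] == 0x01:
        version = VERSIONS.get((data[3], data[4]), "unknown")
        return {"format": "sslv2-record", "version": version}
    # SSLv3/TLS record: type 22 (handshake), record version, 2-byte length,
    # handshake type 1 (ClientHello), 3-byte length, then client_version.
    if data[0] == 0x16 and data[1] == 0x03:
        if len(data) < 11 or data[5] != 0x01:
            raise ValueError("not a complete ClientHello header")
        version = VERSIONS.get((data[9], data[10]), "unknown")
        return {"format": "tls-record", "version": version}
    raise ValueError("not a ClientHello")

def describe(data: bytes) -> str:
    """Map the classification onto the terms used in the thread."""
    hello = classify_client_hello(data)
    if hello["format"] == "tls-record":
        return hello["version"] + " record"
    if hello["version"] == "SSLv2":
        return "true SSLv2"  # the protocol the thread says JDK6 doesn't support
    # v2-format envelope around a v3+ offer: the "SSLv2Hello" pseudo-protocol
    return "SSLv2Hello offering " + hello["version"]

# Constructed samples (not captured traffic).
V2HELLO_TLS1 = bytes.fromhex(
    "80 1c 01 03 01 00 03 00 00 00 10 00 00 2f") + bytes(16)
TRUE_SSLV2 = bytes.fromhex(
    "80 1c 01 00 02 00 03 00 00 00 10 01 00 80") + bytes(16)
TLS1_RECORD = (bytes.fromhex("16 03 01 00 2d 01 00 00 29 03 01") + bytes(32)
               + bytes.fromhex("00 00 02 00 2f 01 00"))

if __name__ == "__main__":
    for name, sample in [("v2hello", V2HELLO_TLS1), ("sslv2", TRUE_SSLV2),
                         ("tls", TLS1_RECORD)]:
        print(name, "->", describe(sample))
```

A client in the "SSLv2Hello" category only uses the old record format for its first message; the session it negotiates is SSLv3 or TLS.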


Re: Enabling SSLv2 on Tomcat 7 !

Posted by Utkarsh Dave <ut...@gmail.com>.
Thanks Chris for the response.
Yes, I meant SSLv2Hello. I understand the vulnerabilities in SSL. Though
some of the clients need that flexibility in older versions, so I was digging
into the reason it was working in the prior version of Tomcat.
Can you help me in identifying any change in Tomcat due to which the SSLv2Hello
handshake started failing in newer versions of Tomcat?

On Fri, Feb 19, 2016 at 8:56 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> Utkarsh,
>
> On 2/19/16 7:05 AM, Utkarsh Dave wrote:
> > I upgraded my Tomcat from 7.0.53 (which had SSL protocols
> > enabled) to 7.0.67 (which has SSL protocols disabled by default).
> >
> > To re-enable support for SSLv3 and SSLv2, I modified the server.xml
> > inside $TOMCAT_HOME/conf to replace sslProtocol="TLS" with
> > sslEnabledProtocols="SSLv2,SSLv3,TLSv1"
> >
> > I can test the SSLv3 requests successfully now, but SSLv2 requests
> > still fail. They were processed successfully before the
> > upgrade of Tomcat.
> >
> > I am using JDK 1.6 and the Red Hat platform and openssl version
> > 0.9.8h.
> >
> > Please let me know if I can enable SSLv2 on the newer Tomcat.
>
> I think you mean "SSLv2Hello", not "SSLv2".
>
> But please, just let SSL die.
>
> -chris

Re: Enabling SSLv2 on Tomcat 7 !

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Utkarsh,

On 2/19/16 7:05 AM, Utkarsh Dave wrote:
> I upgraded my Tomcat from 7.0.53 (which had SSL protocols
> enabled) to 7.0.67 (which has SSL protocols disabled by default).
> 
> To re-enable support for SSLv3 and SSLv2, I modified the server.xml
> inside $TOMCAT_HOME/conf to replace sslProtocol="TLS" with
> sslEnabledProtocols="SSLv2,SSLv3,TLSv1"
> 
> I can test the SSLv3 requests successfully now, but SSLv2 requests
> still fail. They were processed successfully before the
> upgrade of Tomcat.
> 
> I am using JDK 1.6 and the Red Hat platform and openssl version
> 0.9.8h.
> 
> Please let me know if I can enable SSLv2 on the newer Tomcat.

I think you mean "SSLv2Hello", not "SSLv2".

But please, just let SSL die.

-chris