Posted to users@tomcat.apache.org by vu pham <vu...@sivell.com> on 2014/10/16 15:32:31 UTC

cannot disable SSL v3

All,

I am running tomcat 7.0.26 with APR on RHEL 5.10 (x86_64). My
server.xml's configuration for the https connector is as follows:

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLSv1"
           SSLCertificateKeyFile="/u01/apache-tomcat-7.0.26/conf/servey_xxx.key"
           SSLCertificateFile="/u01/apache-tomcat-7.0.26/conf/server_xxx.crt"
           SSLCACertificateFile="/u01/apache-tomcat-7.0.26/conf/SSL123_CA_Bundle.pem"
           />

I also tried sslProtocol with different values of TLS, TLSv1.1, and
TLSv1.2, but the SSL tests such as the ones from SSLLabs or Thawte claim
that my server still has SSLv3 enabled.

Any advice is greatly appreciated.

Thanks,
Vu

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: cannot disable SSL v3 [SOLVED]

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Deepak,

On 10/17/14 12:21 AM, dkumar@ccilindia.co.in wrote:
> I have removed SSL [cipher] from my configuration, and it's working.
> Please let me know if this is the correct way to solve this.
> 
> I am running Tomcat 7.0.22 <Connector port="443" maxThreads="150" 
> scheme="https" secure="true" sslProtocol="TLS"  SSLEnabled="true" 
> ciphers=

The OP said he was using APR. The above configuration does not appear
to be for APR. The JSSE implementation of SSL has no problem with the
various flavors of TLS, provided that you use the documentation to
determine the appropriate configuration.

-chris


Re: cannot disable SSL v3 [SOLVED]

Posted by dk...@ccilindia.co.in.
Hello all,

        I have removed the SSL cipher from my configuration, and it's working.
        Please let me know if this is the correct way to solve this.

        I am running Tomcat 7.0.22
         <Connector port="443" maxThreads="150" 
                        scheme="https" secure="true"
                        sslProtocol="TLS"  SSLEnabled="true"
                        ciphers=

Thanks and regards
Deepak







Re: cannot disable SSL v3 [SOLVED]

Posted by David kerber <dc...@verizon.net>.
On 10/16/2014 2:38 PM, Vu Pham wrote:
> I believe some village somewhere was missing somebody :)
>
> Reading the tomcat/apr doc
> (http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support) ,
> I found that I have to use SSLProtocol instead of sslProtocol.

Tomcat's case-sensitivity has bitten me more than once!


>
> After making that change, SSLv3 disappeared.
>
> Thanks,
> Vu
>
> On 10/16/2014 08:32 AM, vu pham wrote:
>> All,
>>
>> I am running tomcat 7.0.26 with APR on RHEL 5.10 (x86_64). My
>> server.xml's configuration for the https connector is as follows:
>>
>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>>            maxThreads="150" scheme="https" secure="true"
>>            clientAuth="false" sslProtocol="TLSv1"
>>            SSLCertificateKeyFile="/u01/apache-tomcat-7.0.26/conf/servey_xxx.key"
>>            SSLCertificateFile="/u01/apache-tomcat-7.0.26/conf/server_xxx.crt"
>>            SSLCACertificateFile="/u01/apache-tomcat-7.0.26/conf/SSL123_CA_Bundle.pem"
>>            />
>>
>> I also tried sslProtocol with different values of TLS, TLSv1.1, and
>> TLSv1.2, but the SSL tests such as the ones from SSLLabs or Thawte claim
>> that my server still has SSLv3 enabled.
>>
>> Any advice is greatly appreciated.
>>
>> Thanks,
>> Vu
>
>


Re: cannot disable SSL v3 [SOLVED]

Posted by Vu Pham <vu...@sivell.com>.
I believe some village somewhere was missing somebody :)

Reading the tomcat/apr doc 
(http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support) , 
I found that I have to use SSLProtocol instead of sslProtocol.

After making that change, SSLv3 disappeared.

Thanks,
Vu

On 10/16/2014 08:32 AM, vu pham wrote:
> All,
>
> I am running tomcat 7.0.26 with APR on RHEL 5.10 (x86_64). My
> server.xml's configuration for the https connector is as follows:
>
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>            maxThreads="150" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLSv1"
>            SSLCertificateKeyFile="/u01/apache-tomcat-7.0.26/conf/servey_xxx.key"
>            SSLCertificateFile="/u01/apache-tomcat-7.0.26/conf/server_xxx.crt"
>            SSLCACertificateFile="/u01/apache-tomcat-7.0.26/conf/SSL123_CA_Bundle.pem"
>            />
>
> I also tried sslProtocol with different values of TLS, TLSv1.1, and
> TLSv1.2, but the SSL tests such as the ones from SSLLabs or Thawte claim
> that my server still has SSLv3 enabled.
>
> Any advice is greatly appreciated.
>
> Thanks,
> Vu
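
An added example, not part of the original thread and not Tomcat's own code: a server.xml check for the mix-up resolved above, where a connector carrying APR-style attributes sets the JSSE-only sslProtocol. Assumptions: the attribute sets are a partial list from the Tomcat 7 connector documentation linked in the thread, treating any APR-only attribute as a sign that the APR connector is intended is a heuristic, and the sample connectors are constructed with placeholder paths.

```python
import xml.etree.ElementTree as ET

# Partial attribute lists from the Tomcat 7 HTTP connector documentation.
# XML attribute names are case-sensitive: SSLProtocol != sslProtocol.
APR_ONLY = {"SSLProtocol", "SSLCipherSuite", "SSLCertificateFile",
            "SSLCertificateKeyFile", "SSLCACertificateFile"}
JSSE_ONLY = {"sslProtocol", "sslEnabledProtocols", "ciphers",
             "keystoreFile", "keystorePass"}

def audit_connectors(server_xml):
    """Return findings for TLS connectors that mix APR and JSSE attributes."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        attrs = set(conn.attrib)
        apr, jsse = attrs & APR_ONLY, attrs & JSSE_ONLY
        port = conn.get("port", "?")
        # Assumption: any APR-only attribute means the APR connector is intended.
        if apr and jsse:
            findings.append(f"port {port}: JSSE-only attribute(s) "
                            f"{sorted(jsse)} on an APR-style connector")
        if apr and "SSLProtocol" not in attrs:
            findings.append(f"port {port}: SSLProtocol is not set, so the "
                            "connector's default protocol list applies")
    return findings

# Constructed samples modelled on the thread's connector (placeholder paths).
BEFORE = """<Server><Service name="Catalina">
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" sslProtocol="TLSv1"
             SSLCertificateKeyFile="conf/example.key"
             SSLCertificateFile="conf/example.crt"/>
</Service></Server>"""
AFTER = BEFORE.replace('sslProtocol="TLSv1"', 'SSLProtocol="TLSv1"')

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_connectors(doc) or "no findings")
```

A clean result from this check only confirms the attribute names; the external scan used in the thread remains the confirmation that SSLv3 is no longer offered.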

