You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Utkarsh Dave <ut...@gmail.com> on 2015/01/06 08:46:13 UTC
Can we Enable SSL protocol in Tomcat 7.0.57 ?
Hi Team,
My project is planning to upgrade to Tomcat 7.0.57 that has the fix for
POODLE vulnerability and have the SSL protocol disable by default.
We were up till now using the manual configuration change in server.xml in
order to disable use of SSL.
My questions is that after upgrading to Tomcat 7.0.57, is there any similar
configuraion change available, through which we can re enable SSL protocols
again.
Please let me know if my question is not clear.
-Thanks
Utkarsh Dave
Re: Can we Enable SSL protocol in Tomcat 7.0.57 ?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Utkarsh,
On 1/7/15 1:57 AM, Utkarsh Dave wrote:
> Thanks for the response. So would the desired changes in server.xml
> will be sslEnabledProtocols="SSL,TLS"
I think you want sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv3".
You might optionally want to enable SSLv2Hello as well if it doesn't
get done for you, and your clients require it.
- -chris
> On Tue, Jan 6, 2015 at 1:47 PM, Mark Thomas <ma...@apache.org>
> wrote:
>
>> On 06/01/2015 07:46, Utkarsh Dave wrote:
>>> Hi Team,
>>>
>>> My project is planning to upgrade to Tomcat 7.0.57 that has the
>>> fix for POODLE vulnerability and have the SSL protocol disable
>>> by default. We were up till now using the manual configuration
>>> change in server.xml
>> in
>>> order to disable use of SSL.
>>>
>>> My questions is that after upgrading to Tomcat 7.0.57, is there
>>> any
>> similar
>>> configuraion change available, through which we can re enable
>>> SSL
>> protocols
>>> again.
>>
>> Yes. The only change in 7.0.57 is to the defaults. The
>> configuration attributes for SSL/TLS protocols that you used to
>> exclude SSL can now be used to restore SSL support if required.
>>
>> Mark
>>
>>
>> ---------------------------------------------------------------------
>>
>>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJUrX9FAAoJEBzwKT+lPKRYd+gP/RfHxz/QfFqanlFnJmwEmJQw
LpC0jlOSw0IgsWaI2eC9Kkcun0+bRF2gw5v++5MOgyeXPfJf1VX/atuJycKsQM7c
x3r9zM1tJijYNmQq7MGjs/4OITLs/LFPfzmKZ2L3p3Azek/4vg2ccSXRnquebOP3
f1FZkpSgK7Okbg6neE+qEsZWqrugaHv2gqmmpuRqEsCg/OiN3ARnxRDz/btv56M0
QgZuO4zNF4lH2am2NDQuRFrM8KJVWziblBcXVKId5nbuROWFRuUaKYuEZP+uV4ni
dxZmy7Uf9bnZ3OVdIFQ6zV/L1K/Edz7BpvTg6BH7o3bEhIU8i45XfiAldr7Ofi+q
K75s+CKjYyNTMKbHQfLd7kU4X9xX1p8aK9iXmoMmBVzrOtcwmJzxPWoGsedEKysh
E+vFQtIwlQ8NlmsEloqTxp+H2PDs84/zOOaPfAn5GzXulN5zJFMqYFrUOF5VkJDA
U8tbvhp088wgKFQ+Byiowmr65gbWhuSYZ66VypbBUoMbZ+UI48wd8sTnpF7QGO2c
UMd4/yzG0vofC0o1xvRvHKDvGOTYRlhnXzDpsCVfQm/GB0Tyou+AHcxXh2rBcjTm
i3uzQ1ogMVQ7zaenf/hyz2ewItF7fHqsEwISDJgZWNDFJce24ke5++//r08gNltv
2al97qrgBwLWHzsQ84wA
=P4QG
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Can we Enable SSL protocol in Tomcat 7.0.57 ?
Posted by Utkarsh Dave <ut...@gmail.com>.
Thanks for the response.
So would the desired changes in server.xml will be
sslEnabledProtocols="SSL,TLS"
-Thanks
Utkarsh
On Tue, Jan 6, 2015 at 1:47 PM, Mark Thomas <ma...@apache.org> wrote:
> On 06/01/2015 07:46, Utkarsh Dave wrote:
> > Hi Team,
> >
> > My project is planning to upgrade to Tomcat 7.0.57 that has the fix for
> > POODLE vulnerability and have the SSL protocol disable by default.
> > We were up till now using the manual configuration change in server.xml
> in
> > order to disable use of SSL.
> >
> > My questions is that after upgrading to Tomcat 7.0.57, is there any
> similar
> > configuraion change available, through which we can re enable SSL
> protocols
> > again.
>
> Yes. The only change in 7.0.57 is to the defaults. The configuration
> attributes for SSL/TLS protocols that you used to exclude SSL can now be
> used to restore SSL support if required.
>
> Mark
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Can we Enable SSL protocol in Tomcat 7.0.57 ?
Posted by Mark Thomas <ma...@apache.org>.
On 06/01/2015 07:46, Utkarsh Dave wrote:
> Hi Team,
>
> My project is planning to upgrade to Tomcat 7.0.57 that has the fix for
> POODLE vulnerability and have the SSL protocol disable by default.
> We were up till now using the manual configuration change in server.xml in
> order to disable use of SSL.
>
> My questions is that after upgrading to Tomcat 7.0.57, is there any similar
> configuraion change available, through which we can re enable SSL protocols
> again.
Yes. The only change in 7.0.57 is to the defaults. The configuration
attributes for SSL/TLS protocols that you used to exclude SSL can now be
used to restore SSL support if required.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org