If we haven't tried to remove it in 5 years it might be worth another look :)
On Wed, Apr 17, 2019 at 3:49 AM jean-frederic clere <jfcl...@gmail.com> wrote: > On 16/04/2019 13:28, Coty Sutherland wrote: > > Hi, > > > > It appears that the IBM JDK (version 8) has dropped support for > SSLv2Hello > > so when you startup tomcat with the IBM JDK you get a warning saying that > > the protocol is being skipped. OpenJDK seems to have dropped it in > version > > 12 or 13 (I haven't tested, just noticed a user list thread about it) so > I > > guess we should look at dropping support for SSLv2Hello whenever Tomcat's > > minimum JDK is one of those versions? Is there a document somewhere I can > > add this too so it doesn't get forgotten? > > > > > > > > Thanks, > > Coty > > > > See > > https://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html > basically java5/6 clients need SSLv2Hello. > > I remember removing SSLv2Hello broke tests in 2004 and we had to put > SSLv2Hello back... > > -- > Cheers > > Jean-Frederic > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
