List users@tomcat.apache.org
cc
Subject
Re: TLS+SSLv3 but no SSLv2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jens,
On 1/22/2010 12:51 PM, Jens Neu wrote:
Christopher,
maybe that was a bit premature, running with
SSLCipher=-ALL:+HIGH:+MEDIUM:!SSLv2:
openssl s_client -ssl2 -connect
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jens,
On 1/25/2010 8:16 AM, Jens Neu wrote:
Chris,
thanks for all your help, everyting is up and running. I settled for
'ALL:!EXP:!LOW:!SSLv2'
which is exaclty what I need.
You should take a look at this guy's tool, here:
Dear all,
on http://tomcat.apache.org/tomcat-6.0-doc/apr.html I read for the
SSLProtocol:
Protocol which may be used for communicating with clients. The default is
all, with other acceptable values being SSLv2, SSLv3, TLSv1, and
SSLv2+SSLv3.
Does this really mean that I can not allow a
From: Jens Neu [mailto:jens@biotronik.com]
Subject: TLS+SSLv3 but no SSLv2
Does this really mean that I can not allow a TLSv1+SSLv3 setting
while forbidding SSLv2?
I was under the impression that specifying TLSv1 would include SSLv3, since
there are provisions within TLS to handle
-2412
Mail: jens@biotronik.de
Caldarale, Charles R chuck.caldar...@unisys.com
01/22/2010 05:42 PM
Please respond to
Tomcat Users List users@tomcat.apache.org
To
Tomcat Users List users@tomcat.apache.org
cc
Subject
RE: TLS+SSLv3 but no SSLv2
From: Jens Neu [mailto:jens
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jens,
On 1/22/2010 11:10 AM, Jens Neu wrote:
on http://tomcat.apache.org/tomcat-6.0-doc/apr.html I read for the
SSLProtocol:
Protocol which may be used for communicating with clients. The default is
all, with other acceptable values being
) 30 68905-2412
Mail: jens@biotronik.de
Christopher Schultz ch...@christopherschultz.net
01/22/2010 06:05 PM
Please respond to
Tomcat Users List users@tomcat.apache.org
To
Tomcat Users List users@tomcat.apache.org
cc
Subject
Re: TLS+SSLv3 but no SSLv2
-BEGIN PGP SIGNED MESSAGE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jens,
On 1/22/2010 12:30 PM, Jens Neu wrote:
Christopher,
my Problem is that I have a requirement that SSLv2 shall be forbidden,
but not SSLv3 and TLS. On top, also forbidden are ciphers =128bit. I was
hoping to tackle this with
Network Administration
Phone: +49 (0) 30 68905-2412
Mail: jens@biotronik.de
Christopher Schultz ch...@christopherschultz.net
01/22/2010 06:36 PM
Please respond to
Tomcat Users List users@tomcat.apache.org
To
Tomcat Users List users@tomcat.apache.org
cc
Subject
Re: TLS+SSLv3 but no SSLv2
Christopher,
maybe that was a bit premature, running with
SSLCipher=-ALL:+HIGH:+MEDIUM:!SSLv2:
openssl s_client -ssl2 -connect server:8443
CONNECTED(0003)
...
---
Ciphers common between both SSL endpoints:
RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5
EXP-RC2-CBC-MD5 DES-CBC-MD5
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jens,
On 1/22/2010 12:51 PM, Jens Neu wrote:
Christopher,
maybe that was a bit premature, running with
SSLCipher=-ALL:+HIGH:+MEDIUM:!SSLv2:
openssl s_client -ssl2 -connect server:8443
CONNECTED(0003)
---
SSL handshake has read 1135
11 matches
Mail list logo