Re: TLS+SSLv3 but no SSLv2

2010-01-25 Thread Jens Neu
Jens, On 1/22/2010 12:51 PM, Jens Neu wrote: Christopher, maybe that was a bit premature, running with SSLCipher=-ALL:+HIGH:+MEDIUM:!SSLv2: openssl s_client -ssl2 -connect

Re: TLS+SSLv3 but no SSLv2

2010-01-25 Thread Christopher Schultz
Jens, On 1/25/2010 8:16 AM, Jens Neu wrote: Chris, thanks for all your help, everything is up and running. I settled for 'ALL:!EXP:!LOW:!SSLv2' which is exactly what I need. You should take a look at this guy's tool, here:

TLS+SSLv3 but no SSLv2

2010-01-22 Thread Jens Neu
Dear all, on http://tomcat.apache.org/tomcat-6.0-doc/apr.html I read for the SSLProtocol: Protocol which may be used for communicating with clients. The default is all, with other acceptable values being SSLv2, SSLv3, TLSv1, and SSLv2+SSLv3. Does this really mean that I can not allow a

RE: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Caldarale, Charles R
From: Jens Neu [mailto:jens@biotronik.com] Subject: TLS+SSLv3 but no SSLv2 Does this really mean that I can not allow a TLSv1+SSLv3 setting while forbidding SSLv2? I was under the impression that specifying TLSv1 would include SSLv3, since there are provisions within TLS to handle

RE: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Jens Neu
-2412 Mail: jens@biotronik.de Caldarale, Charles R chuck.caldar...@unisys.com 01/22/2010 05:42 PM Please respond to Tomcat Users List users@tomcat.apache.org To Tomcat Users List users@tomcat.apache.org cc Subject RE: TLS+SSLv3 but no SSLv2 From: Jens Neu [mailto:jens

Re: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Christopher Schultz
Jens, On 1/22/2010 11:10 AM, Jens Neu wrote: on http://tomcat.apache.org/tomcat-6.0-doc/apr.html I read for the SSLProtocol: Protocol which may be used for communicating with clients. The default is all, with other acceptable values being

Re: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Jens Neu
) 30 68905-2412 Mail: jens@biotronik.de Christopher Schultz ch...@christopherschultz.net 01/22/2010 06:05 PM Please respond to Tomcat Users List users@tomcat.apache.org To Tomcat Users List users@tomcat.apache.org cc Subject Re: TLS+SSLv3 but no SSLv2 -BEGIN PGP SIGNED MESSAGE

Re: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Christopher Schultz
Jens, On 1/22/2010 12:30 PM, Jens Neu wrote: Christopher, my problem is that I have a requirement that SSLv2 shall be forbidden, but not SSLv3 and TLS. On top, also forbidden are ciphers =128bit. I was hoping to tackle this with

Re: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Jens Neu
Network Administration Phone: +49 (0) 30 68905-2412 Mail: jens@biotronik.de Christopher Schultz ch...@christopherschultz.net 01/22/2010 06:36 PM Please respond to Tomcat Users List users@tomcat.apache.org To Tomcat Users List users@tomcat.apache.org cc Subject Re: TLS+SSLv3 but no SSLv2

Re: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Jens Neu
Christopher, maybe that was a bit premature, running with SSLCipher=-ALL:+HIGH:+MEDIUM:!SSLv2: openssl s_client -ssl2 -connect server:8443 CONNECTED(0003) ... --- Ciphers common between both SSL endpoints: RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5 EXP-RC2-CBC-MD5 DES-CBC-MD5

Re: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Christopher Schultz
Jens, On 1/22/2010 12:51 PM, Jens Neu wrote: Christopher, maybe that was a bit premature, running with SSLCipher=-ALL:+HIGH:+MEDIUM:!SSLv2: openssl s_client -ssl2 -connect server:8443 CONNECTED(0003) --- SSL handshake has read 1135