Author: markt Date: Wed Jun 21 09:24:41 2017 New Revision: 1799412 URL: http://svn.apache.org/viewvc?rev=1799412&view=rev Log: SSLv2 and SSLv3 are hard-coded coded to be disabled.
Modified: tomcat/trunk/webapps/docs/changelog.xml tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1799412&r1=1799411&r2=1799412&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Wed Jun 21 09:24:41 2017 @@ -222,6 +222,10 @@ and/or stack traces on web application stop and/or start when running under a security manager. (markt) </fix> + <fix> + Correct the TLS configuration documentation to remove SSLv2 and SSLv3 + from the list of supported protocols. (markt) + </fix> </changelog> </subsection> <subsection name="Other"> Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1799412&r1=1799411&r2=1799412&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Wed Jun 21 09:24:41 2017 @@ -1230,8 +1230,8 @@ <p>The names of the protocols to support when communicating with clients. This should be a list of any combination of the following: </p> - <ul><li>SSLv2Hello</li><li>SSLv2</li><li>SSLv3</li><li>TLSv1</li> - <li>TLSv1.1</li><li>TLSv1.2</li><li>all</li></ul> + <ul><li>SSLv2Hello</li><li>TLSv1</li><li>TLSv1.1</li><li>TLSv1.2</li> + <li>all</li></ul> <p>Each token in the list can be prefixed with a plus sign ("+") or a minus sign ("-"). A plus sign adds the protocol, a minus sign removes it form the current list. The list is built starting from --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org