RE: Appscan Issues

2016-04-10 Thread dkumar
Thanks and Regards Deepak -Original Message- From: Olaf Kock [mailto:tom...@olafkock.de] Sent: Friday, April 08, 2016 9:29 AM To: users@tomcat.apache.org Subject: Re: Appscan Issues Am 08.04.2016 um 15:17 schrieb Kikkeri, Amith: > Hi, > Appscan was performed on our application a

Re: Appscan Issues

2016-04-09 Thread Mark Thomas
tp://wiki.apache.org/tomcat/Security/Ciphers The best achievable results will depend on the Java version you use and whether or not you use the JCE Unlimited Strength Jurisdiction Policy Files. Mark > > > > Regards, > Amith > > > > -Original Message- &

Re: Appscan Issues

2016-04-09 Thread Olaf Kock
Am 09.04.2016 um 18:20 schrieb Christopher Schultz: > Olaf, > > On 4/8/16 9:49 AM, Olaf Kock wrote: > > > I'm typically configuring a HTTPS end point in Apache httpd and > > forward to tomcat. I feel that the documentation for explicit > > cipher-choice in Apache httpd is a lot better (and more wi

Re: Appscan Issues

2016-04-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Olaf, On 4/8/16 9:49 AM, Olaf Kock wrote: > Am 08.04.2016 um 15:40 schrieb Kikkeri, Amith: >> Thanks... I will me more detailed. We don't use Apache HTTPD or >> ngnix. It's just tomcat7. Below is my connector configuration. >> >> > protocol="org.apac

Re: Appscan Issues

2016-04-08 Thread Olaf Kock
Am 08.04.2016 um 15:40 schrieb Kikkeri, Amith: > Thanks... I will me more detailed. > We don't use Apache HTTPD or ngnix. It's just tomcat7. Below is my connector > configuration. > > maxThreads="150" SSLEnabled="true" scheme="https" secure="true" >clientAuth="fal

RE: Appscan Issues

2016-04-08 Thread Kikkeri, Amith
rg Subject: Re: Appscan Issues Am 08.04.2016 um 15:17 schrieb Kikkeri, Amith: > Hi, > Appscan was performed on our application and 2 issues were encountered. Could > anyone please let me know how to resolve these issues ? We use tomcat7. > > Browser Exploit Against SSL/TLS (a

Re: Appscan Issues

2016-04-08 Thread Olaf Kock
Am 08.04.2016 um 15:17 schrieb Kikkeri, Amith: > Hi, > Appscan was performed on our application and 2 issues were encountered. Could > anyone please let me know how to resolve these issues ? We use tomcat7. > > Browser Exploit Against SSL/TLS (a.k.a. BEAST) > RC4 cipher suites were detected > (R

Appscan Issues

2016-04-08 Thread Kikkeri, Amith
Hi, Appscan was performed on our application and 2 issues were encountered. Could anyone please let me know how to resolve these issues ? We use tomcat7. Browser Exploit Against SSL/TLS (a.k.a. BEAST) RC4 cipher suites were detected (Remove support of SSLv3/TLS1.0 cipher suites with CBC.) Regard