Re: Unable to disable SSL in Tomcat 6 for poodle Vulnerability!

2014-11-13 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Utkarsh, On 11/12/14 5:43 AM, Utkarsh Dave wrote: Ignoring the option to upgrade to Tomcat 7, i tried to configure server.xml in several differrent ways, but yet SSL protocol was enable. I see below update on Tomcat site (

Re: Unable to disable SSL in Tomcat 6 for poodle Vulnerability!

2014-11-12 Thread Utkarsh Dave
Ignoring the option to upgrade to Tomcat 7, i tried to configure server.xml in several differrent ways, but yet SSL protocol was enable. I see below update on Tomcat site ( http://ci.apache.org/projects/tomcat/tomcat6/docs/changelog.html ) about poodle fixes. Disable SSLv3 by default for the

Re: Unable to disable SSL in Tomcat 6 !

2014-11-02 Thread Utkarsh Dave
Hi Chris, Yes. openssl s_client succeeds (displays no exception) when I have sslProtocols=TLSv1 set? The latest releases of our project uses Tomcat 7, but to support older releaes we may not upgrade from Tomcat 6 to 7. Is there any other way to disable SSL in Tomcat 6. -Utkarsh On Sun, Nov 2,

Re: Unable to disable SSL in Tomcat 6 !

2014-11-02 Thread Hassan Schroeder
On Sun, Nov 2, 2014 at 10:09 AM, Utkarsh Dave utkarshkd...@gmail.com wrote: Is there any other way to disable SSL in Tomcat 6. How many ways do you need? The process described in this thread works as indicated with 6.0.37. -- Hassan Schroeder

Re: Unable to disable SSL in Tomcat 6 !

2014-11-01 Thread Utkarsh Dave
Hi Chris, Thanks for the response. I am testing using below steps. From another machine I am running this command: openssl s_client -ssl3 -msg -connect HOST:PORT HOST is the server ip (on the server where actually ssl needs to be disabled and server.xml is modified with sslProtocols=TLSv1 )

Re: Unable to disable SSL in Tomcat 6 !

2014-11-01 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Utkarsh, On 11/1/14 3:33 PM, Utkarsh Dave wrote: Thanks for the response. I am testing using below steps. From another machine I am running this command: openssl s_client -ssl3 -msg -connect HOST:PORT HOST is the server ip (on the

Re: Unable to disable SSL in Tomcat 6 !

2014-10-31 Thread Utkarsh Dave
Nothing helped much. Please let me know how can i disable SSL in Tomcat 6.0.37. I tried below configuration in server.xml on Tomcat 6.0.37 Connector port=8443 protocol=org.apache.coyote.http11.Http11Protocol maxThreads=150 SSLEnabled=true scheme=https secure=true

Re: Unable to disable SSL in Tomcat 6 !

2014-10-31 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Utkarsh, On 10/31/14 11:52 AM, Utkarsh Dave wrote: Nothing helped much. Please let me know how can i disable SSL in Tomcat 6.0.37. I tried below configuration in server.xml on Tomcat 6.0.37 Connector port=8443

Re: Unable to disable SSL in Tomcat 6 !

2014-10-30 Thread Mark Thomas
On 30/10/2014 16:38, Utkarsh Dave wrote: Hello all, To avoid poodle vulnerability we are trying to disable SSL v3 and all its versions through below configuration. Connector port=8443 protocol=org.apache.coyote.http11.Http11Protocol maxThreads=150 SSLEnabled=true