RE: SSLv3/TLS man-in-middle vulnerability

2010-01-19 Thread Caldarale, Charles R
> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Subject: RE: SSLv3/TLS man-in-middle vulnerability > > If you have to stay with 5.5.23, you'll need to go with the ARP SSL > connector. > > (slap me if I'm still wrong Charles, but I checked the doc a

RE: SSLv3/TLS man-in-middle vulnerability

2010-01-19 Thread Jeffrey Janner
riginal Message- From: Steve G. Johnson [mailto:johnson_stev...@solarturbines.com] Sent: Tuesday, January 19, 2010 10:24 AM To: Tomcat Users List Subject: RE: SSLv3/TLS man-in-middle vulnerability Hi Charles, FYI: This is in my listener list: Added the "protocol" entry and n

RE: SSLv3/TLS man-in-middle vulnerability

2010-01-19 Thread Jeffrey Janner
-in-middle vulnerability > From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Subject: RE: SSLv3/TLS man-in-middle vulnerability > > In particular, he stated that switching to the NIO connector at this > point wouldn't address it (from my reading of his post), as the fi

RE: SSLv3/TLS man-in-middle vulnerability

2010-01-19 Thread Caldarale, Charles R
> From: Steve G. Johnson [mailto:johnson_stev...@solarturbines.com] > Subject: RE: SSLv3/TLS man-in-middle vulnerability > > FYI: This is in my listener list: > If the tcnative library isn't found, the above listener will simply display a message stating so in the logs, s

RE: SSLv3/TLS man-in-middle vulnerability

2010-01-19 Thread Steve G. Johnson
n [mailto:johnson_stev...@solarturbines.com] > Subject: Re: SSLv3/TLS man-in-middle vulnerability > >   maxThreads="150" > minSpareThreads="25" maxSpareThreads="75" enableLookups="false" > disableUploadTimeout=&quo

RE: SSLv3/TLS man-in-middle vulnerability

2010-01-19 Thread Caldarale, Charles R
> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Subject: RE: SSLv3/TLS man-in-middle vulnerability > > In particular, he stated that switching to the NIO connector at this > point wouldn't address it (from my reading of his post), as the fix > will require

RE: SSLv3/TLS man-in-middle vulnerability

2010-01-19 Thread Jeffrey Janner
esday, January 19, 2010 9:29 AM To: Tomcat Users List Subject: RE: SSLv3/TLS man-in-middle vulnerability > From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Subject: RE: SSLv3/TLS man-in-middle vulnerability > > For Steve to switch to the APR/native connectors, all he needs to do in

RE: SSLv3/TLS man-in-middle vulnerability

2010-01-19 Thread Caldarale, Charles R
> From: Steve G. Johnson [mailto:johnson_stev...@solarturbines.com] > Subject: Re: SSLv3/TLS man-in-middle vulnerability > >   maxThreads="150" > minSpareThreads="25" maxSpareThreads="75" enableLookups="false" > d

RE: SSLv3/TLS man-in-middle vulnerability

2010-01-19 Thread Caldarale, Charles R
> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Subject: RE: SSLv3/TLS man-in-middle vulnerability > > For Steve to switch to the APR/native connectors, all he needs to do in > this config is download the native libraries and restart, correct? No, the SSL confi

RE: SSLv3/TLS man-in-middle vulnerability

2010-01-19 Thread Jeffrey Janner
from the Tomcat website. Follow the "Tomcat Native" link and get the one for your environment. Jeff -Original Message- From: Steve G. Johnson [mailto:johnson_stev...@solarturbines.com] Sent: Tuesday, January 19, 2010 9:08 AM To: Tomcat Users List Subject: Re: SSLv3/TLS man

Re: SSLv3/TLS man-in-middle vulnerability

2010-01-19 Thread Steve G. Johnson
Mark, Our JRE is 1.6.0_17. Below are server.xml entries for connectors minus security tag values. Please suggest changes. Is that all I have to do before Security runs another HP scan? Thanks   -   - - - Steve Johnson (619) 237-8315 P Please conside

Re: SSLv3/TLS man-in-middle vulnerability

2010-01-19 Thread Mark Thomas
On 19/01/2010 02:31, Steve G. Johnson wrote: > Mark, > Since we do not know how to "switch connectors", or install OpenSSL, and do > not have JDK on the server (only JRE 1.6.0_17), then I suppose the best bet > is to wait until Tomcat is fixed ("coming soon"). You can replace JDK with JRE in what

Re: SSLv3/TLS man-in-middle vulnerability

2010-01-18 Thread Steve G. Johnson
Mark, Since we do not know how to "switch connectors", or install OpenSSL, and do not have JDK on the server (only JRE 1.6.0_17), then I suppose the best bet is to wait until Tomcat is fixed ("coming soon"). Steve Johnson (619) 237-8315 P Please consider the environment before printing this e-ma

Re: SSLv3/TLS man-in-middle vulnerability

2010-01-18 Thread Filip Hanik - Dev Lists
On 01/18/2010 10:18 AM, Mark Thomas wrote: On 18/01/2010 11:03, Steve G. Johnson wrote: We recently installed Tomcat 5.5.23 in Windows server to support the Infor WebUI (webtop) application. We installed a certificate and are using SSL on port 8443. This all works fine. The local IT Security

Re: SSLv3/TLS man-in-middle vulnerability

2010-01-18 Thread Mark Thomas
On 18/01/2010 11:37, Jens Neu wrote: > Steve, > > it is not a vulnerability of Tomcat, nevertheless it can be fixed by it. > You definitely _should_ fix it, since data integrity can not be assured on > your https connections any more. > > I have little to no Windows experience; but my understand

Re: SSLv3/TLS man-in-middle vulnerability

2010-01-18 Thread Mark Thomas
On 18/01/2010 11:03, Steve G. Johnson wrote: > > We recently installed Tomcat 5.5.23 in Windows server to support the Infor > WebUI (webtop) application. > We installed a certificate and are using SSL on port 8443. This all works > fine. > > The local IT Security team ran an HP "Web Inspect" and i

Re: SSLv3/TLS man-in-middle vulnerability

2010-01-18 Thread Jens Neu
; To Tomcat Users List cc Subject SSLv3/TLS man-in-middle vulnerability The local IT Security team ran an HP "Web Inspect" and it showed a High vulnerability for SSLv3/TLS known as CVE-2009-3555. We are running JVM JRE 1.6.0._17 on the server. You state on the http://tomcat.apa

SSLv3/TLS man-in-middle vulnerability

2010-01-18 Thread Steve G. Johnson
We recently installed Tomcat 5.5.23 in Windows server to support the Infor WebUI (webtop) application. We installed a certificate and are using SSL on port 8443. This all works fine. The local IT Security team ran an HP "Web Inspect" and it showed a High vulnerability for SSLv3/TLS known as CVE-20