"Jeff Krug" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > I have a Tomcat 5.5.12 install that is working well (it is a stand-alone > install under Windows 2003 server). I was given a request to make this > install fully FIPS 140-2 compliant, specifically requiring that Tomcat > not allow SSL 3.0 protocol connections (TLS only). My config specifies > sslProtocol="TLS" and everything works fine in terms of defaulting to > TLS, but the default behavior here is to allow SSL 3.0 as well (that is > part of the connection negotiation process, I suppose). > > Is there a way to disallow the SSL 3.0 protocol? >
protocols="TLS" on the <Connector /> tag. > Thanks, > Jeff Krug --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]