Hi Chris, Yes. openssl s_client succeeds (displays no exception) when I have sslProtocols="TLSv1" set? The latest releases of our project uses Tomcat 7, but to support older releaes we may not upgrade from Tomcat 6 to 7. Is there any other way to disable SSL in Tomcat 6.
-Utkarsh On Sun, Nov 2, 2014 at 4:47 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Utkarsh, > > On 11/1/14 3:33 PM, Utkarsh Dave wrote: > > Thanks for the response. I am testing using below steps. > > > >> From another machine I am running this command: > > > > openssl s_client -ssl3 -msg -connect <HOST>:<PORT> > > > > > > HOST is the server ip (on the server where actually ssl needs to > > be disabled and server.xml is modified with sslProtocols="TLSv1" ) > > > > PORT is 8443 (tomcat) > > > > > > If the result of above command results in failure. It means SSL is > > disabled. > > Good. > > > How can i know if my JVM recognizes the particular protocol > > string. > > Well, if you use "TLSv1" and Tomcat doesn't emit an error message, > then you should be good. > > So... does openssl s_client succeed when you have sslProtocols="TLSv1" > set? > > You should really upgrade to a more recent version of Tomcat 6.0.x, or > maybe even Tomcat 7.x or 8.x. > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: GPGTools - http://gpgtools.org > > iQIcBAEBCAAGBQJUVWoLAAoJEBzwKT+lPKRY8JIQAIVYkWZJ5UWOxE5uwoZYtzGJ > LUGDUyWP4+JCmWLyXfeiNF/jR/oz2ApTdH0mWF2/Qs1mhDd4VDmgwVg4t8s1MGAd > qXeuV3VP4E4d3CkHhfwy42LFKLt2YjUfiYfip5HNFWta71n6wBs5ey7qJ4cf3gQn > wjg/FY3HjVlR2+flB24TZbetPJyEbhXDi9NKJv7JCXwX8TPAc6ZFEFxl8qIyE9wF > QGu5HbZDsZWU8YuCzypbttyeklX6i3TxUlITIB4SK6DhIklXXGjaOuIRFtZrnvx/ > ATFxgj9xkdkU/9Q/eRKcU9D/lfsxs3P0+IcyXUV6iaquhQ4MZsdSS3zgbD6LuKJC > pbf0SLcQj9+HI51vBWdwkgnlN+84vZcUk/BBBd2X+BJ+OaxuOO9HVBlyAuUUUaCc > UlEbFLf/O5dNa3B6fVSy39NAm0/MzJtCdzNRPcrVp+1hZqiJwqxgVWAOgbwK3Osa > UrbBCzNoFUb0NoGFyFxmgyXCWYHVWwMF/6pBG9IaxKwopU53QbDvCoUJZje7ePpw > jL5r6s8TefRvMo6Qr6/0re7iqFedTy9YYITBXlyUdLlOIsPAu2uYn6AmDKFzSmah > dEAAdNra2WIs0syANZvRSFW/GBuABdeAevaAvIXuNUP8UHjpEEttErv+CVKGJf2Y > P5Tcoa5uWIPY+hAtzfbl > =ctAo > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
