-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jimmy,
On 1/31/15 10:13 AM, Jammy Chen wrote: > Hello Jason, Chris, > > Thanks for you answer and replying. > > I actually already tired that solution linked in the page > https://access.redhat.com/solutions/1232233. but it does not work > at all. > > <Connector port="8443" > protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" > SSLEnabled="true" scheme="https" secure="true" clientAuth="false" > sslProtocols = "TLSv1,TLSv1.1,TLSv1.2" /> How about "protocols" instead of "sslProtocols"? > Yes, this is common problem whatever the tomcat version is, SSL V3 > is not safe any more, however, newer tomcat has ready > configuration/solution for disable V3. since I am still in old > version so I am looking for solution for version Tomcat/6.0.18. but > no good luck until now. I'm not sure why it's not disabling SSLv3 for you, but another option is to remove all of the ciphers that use CBC. There are a lot of other bad things in 6.0.18 and, probably, the versions of Java being used in these places. The proper mitigation is to upgrade, not to try to configure-around the problem. - -chris > 2015-01-30 22:28 GMT+08:00 Christopher Schultz > <ch...@christopherschultz.net >> : > > Jason, > > On 1/30/15 4:32 AM, Jason Y wrote: >>>> Please refer to https://access.redhat.com/solutions/1232233 > > This link is /slightly/ out of date, in that it is missing > more-recent information (i.e. support for TLSv1.1 and TLSv1.2 in > tcnative versions after 1.1.21. > >>>> By the way, why would you disable SSL? What is your current >>>> problem? I may have the same problem with tomcat 7.0.55... > > > https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack > > -chris >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUznFoAAoJEBzwKT+lPKRYKE4QAKaKhTPd6ymJbPwsihKREaIW wdUOQysiNj3H+nFvLwILt0PES+2VGjdhLaPTmMPDOBWTbMiBNhv6yXZeFUQ6MkAE +7CCoGqFvse3DY/iBdriqtSH/o/99/jSmCIpVmPwLNfRZjO7t2QSb8y+q0ttuimL wtpRaFM8yWyOf3chgFFyhMmFePT0B6bvinRzde631IcmHJfMIO2etkEBHfDGas22 Q8bzppjk/YGM+3FB1yr/sttWGQZRJD1lGJQjdR/dTg2ajgAHRt6P0JvarzAhGVIY MgGDdp2k85R67gSli5nkvxsfOaFHRWxZA87jQQiWX6QQe+G0Wpq7KaEPbU3rFWx2 Kw6eZwBYn97ads7G3XgkvOc8AZt1FwuP8UAFniuZhAdEeZFMdp4Ka6itMmba//hv cR/+WZ5REZvhA2H2NgfQ+yipDSK0BZCbp/RVz0CnkthTPutwIc5rZs460Vh3sUMI nXhLo2AcRzyo1N994E0xXHB0PKTu3UFKefiMuHQ1FFfo42QSHU9DMRn1Xg9f3eI3 TR1dOaONfw35pmJ8UTKvFoFr9Ci5rO0pwYWIDsztGjci47bysyvdEcnsi353asiu YUYQgaf8XQO946SnVDubyadWbz3A7bJh48rGUS9b9/hMoppep5k5XKaTcw6xfsEh ApCYkxDOIVvfHHRsyPvp =yo3D -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org