Dear Amith,
Thanks... I will me more detailed.
We don't use Apache HTTPD or ngnix. It's just tomcat7. Below is my
connector configuration.
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https"
secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile=" "
keystorePass=" "/>
Regards,
Amith
Can you use sslEnabledProtocols="TLSv1.2,TLSv1.1" SSLEnabled="true" in
connector tag as below.
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https"
secure="true"
clientAuth="false" sslProtocol="TLS"
sslEnabledProtocols="TLSv1.2,TLSv1.1" SSLEnabled="true"
keystoreFile=" "
keystorePass=" "/>
Thanks and Regards
Deepak
-----Original Message-----
From: Olaf Kock [mailto:tom...@olafkock.de]
Sent: Friday, April 08, 2016 9:29 AM
To: users@tomcat.apache.org
Subject: Re: Appscan Issues
Am 08.04.2016 um 15:17 schrieb Kikkeri, Amith:
> Hi,
> Appscan was performed on our application and 2 issues were encountered.
Could anyone please let me know how to resolve these issues ? We use
tomcat7.
>
> Browser Exploit Against SSL/TLS (a.k.a. BEAST)
> RC4 cipher suites were detected
> (Remove support of SSLv3/TLS1.0 cipher suites with CBC.)
Sure. Remove SSL support.
Seriously: With the level of information that you give, what's the level
of detail that you expect back?
Are you using tomcat only? Do you front it with Apache httpd? nginx? Any
loadbalancer or SSL-Terminator (pardon the use of SSL here)? If you only
have tomcat, what's the configuration of your https connector? Which of
the options that are documented in the connector's documentation (
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support or
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html among others) do
you need help with?
Olaf
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
"Disclaimer and confidentiality clause -
This message and any attachments relating to official business of CCIL OR ANY
OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original
addressee only.
The message may contain information that is confidential and subject to legal
privilege.
Any views expressed in this message are those of the individual sender.
If you have received this message in error, please notify the original sender
immediately and destroy the message and copies thereof and any attachments
contained in it .
If you are not the intended recipient of this message, you are hereby notified
that you must not disseminate, copy, use, distribute, or take any action in
connection therewith.
CCIL cannot ensure that the integrity of this communication has been
maintained nor that it is free of errors, viruses, interception and/or
interference.
CCIL is not liable whatsoever for loss or damage resulting from the opening of
this message and/or attachments and/or the use of the information contained in
this message and/or attachments."
