On 7/27/16, 9:20 AM, Mark Thomas wrote:
Take a look at this:
http://wiki.apache.org/tomcat/Security/Ciphers
I've done some further research, and according to cve.mitre.org,
CVE-2015-0204 appears to be very specific to OpenSSL. CVE-2015-4000, on
the other hand, appears to be a problem.
Tomcat running on IBM Midrange systems, so far as I know, is JSSE-only.
At least, I've never heard of a way to use OpenSSL on an IBM Midrange
System.
You should be able to achieve the
same results with 7.0.67 by specifying specific ciphers.
And how do I do that for a Tomcat installation using JSSE?
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org