Hello Sir, I wish to confirm one more thing. The issue is SSL vulnerability. from the responses, i understood that i need to upgrade to tomcat latest version. As per the team, it is recommended to go for Tomcat 5 in our environment. my quesiton is: Is this vulernability solved in tomcat 5 version?Do i need to perform some additional stuff to avoid this vulnerability?Any modification to be done in server.xml file to avoid the SSL vulnerability
regardsSunil C --- On Tue, 11/8/09, Mark Thomas <ma...@apache.org> wrote: From: Mark Thomas <ma...@apache.org> Subject: Re: avoiding ssl vulnerabilities in tomcat To: "Tomcat Users List" <users@tomcat.apache.org> Date: Tuesday, 11 August, 2009, 4:55 PM sunil chandran wrote: > Hello all, > > OK i will upgrade. > But what all changes required to update to tomcat 5. > what all changes reuired to upgrade to tomcat 4.1.40 You may as well do the job properly and upgrade to 6.0.20. For you app? No changes should be required. For your Tomcat configuration? Start with the clean configuration provided with 6.0.20 and add any modifications you need. Be aware that the config has changed in particular: - the <Logger> element is no longer used - Resource configuration has changed See the docs for the details. Mark > > > > --- On Mon, 10/8/09, Caldarale, Charles R <chuck.caldar...@unisys.com> wrote: > > > From: Caldarale, Charles R <chuck.caldar...@unisys.com> > Subject: RE: avoiding ssl vulnerabilities in tomcat > To: "Tomcat Users List" <users@tomcat.apache.org> > Date: Monday, 10 August, 2009, 7:10 PM > > >> From: sunil chandran [mailto:sunilonweb2...@yahoo.co.in] >> Subject: Re: avoiding ssl vulnerabilities in tomcat >> >> Is there any patch provided so that i can still use the same version >> 4.1.24 itself. > > No, you *must* upgrade. Your reluctance to do so borders on the ridiculous. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > > Send free SMS to your Friends on Mobile from your Yahoo! Messenger. Download > Now! http://messenger.yahoo.com/download.php --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Yahoo! recommends that you upgrade to the new and safer Internet Explorer 8. http://downloads.yahoo.com/in/internetexplorer/
