https://bz.apache.org/bugzilla/show_bug.cgi?id=65998
Bug ID: 65998
Summary: TLS1.0 and weak cipher detected after upgrade to
Apache Tomcat 9.
Product: Tomcat 9
Version: 9.0.59
Hardware: PC
Status: NEW
Severity: critical
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: thinagaran.krishnas...@cgi.com
Target Milestone: -----
Hi,
We did recent upgrade from Tomcat 8 to Tomcat 9. Upon our upgrade, we did
Nessus scan and found TLS1.0 is enabled. However, i can't seems to find which
place configure this TLS. As far i checked in Server.XML, we've added
sslEnabledProtocols="TLSv1.2" . In our scan, it says the port using TLS1.0 is
56418. Netstat shows tomcat9 is using this port. However, i cant seems to find
where does this port exactly configure.
-----------------------------------------------------------------------------
netstat -aon | findstr 56418
TCP 0.0.0.0:56418 0.0.0.0:0 LISTENING 17756
TCP [::]:56418 [::]:0 LISTENING 17756
tasklist | findstr 17756
Tomcat9.exe 17756 Services 0 249,044 K
-----------------------------------------------------------------------------
Could you please advise ?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
