https://issues.apache.org/bugzilla/show_bug.cgi?id=51056
Summary: Disable / drop support for SSLv2
Product: Tomcat Native
Version: 1.1.20
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Library
AssignedTo: [email protected]
ReportedBy: [email protected]
Hi,
SSL 2.0 support got removed from many Debian GNU/Linux (and many others linux
distro) and SSL 2.0 is disabled by default in Internet Explorer 7, Mozilla
Firefox 3, Opera and Safari.
It's use has been deprecated, because of weaknesses in the security of the
protocol. For exemple, http://www.openssl.org/news/secadv_20051011.txt
I propose to simply drop any support for SSLv2 in Tomcat Native lib with the
attached patch.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
