https://issues.apache.org/bugzilla/show_bug.cgi?id=51477
--- Comment #5 from Marvin Addison <marvin.addi...@gmail.com> 2011-07-05 18:19:26 UTC --- "SSLv3+TLSv1" value just worked as a synonym to "all" Appears this is correct based on my testing. Setting SSLProtocol="all" in both 7.0.8 and 7.0.16 produced exactly the same results: TLSv1 and SSLv3 are supported but not SSLv2. It appears that our SSLCipherSuite parameter is actually providing the desired behavior: SSLCipherSuite="HIGH:MEDIUM:-SSLv2" So we'll be able to preserve the desired functionality with SSLProtocol="all" in versions 7.0.16 and later. I think there's merit in supporting other protocol combinations that make sense if for no other reason to maintain consistency with mod_ssl directives of the same name, which are eerily similar to APR connector attributes. (I've assumed that similarity is intentional.) -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
