https://issues.apache.org/bugzilla/show_bug.cgi?id=51477
--- Comment #11 from Marvin Addison <marvin.addi...@gmail.com> 2011-07-07
16:00:45 UTC ---
I tested the patch and verified that SSLv3+TLSv1 works as expected, allowing
SSLv3 and TLSv1, but denying SSLv2 connections. However, the setting
SSLv2+TLSv1 only allows TLSv1 connections:
$ openssl s_client -connect eiger.middleware.vt.edu:443 -tls1
CONNECTED(00000003)
...
SSL handshake has read 6158 bytes and written 293 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
$ openssl s_client -connect eiger.middleware.vt.edu:443 -ssl2
25335:error:140A90C4:SSL routines:SSL_CTX_new:null ssl method
passed:ssl_lib.c:1453:
$ openssl s_client -connect eiger.middleware.vt.edu:443 -ssl3
CONNECTED(00000003)
25338:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
failure:s3_pkt.c:1102:SSL alert number 40
25338:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:539:
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
