https://issues.apache.org/bugzilla/show_bug.cgi?id=53344
Priority: P2
Bug ID: 53344
Assignee: dev@tomcat.apache.org
Summary: Cannot use SSLv3+TLSv1 in Http11AprProtocol
Severity: major
Classification: Unclassified
OS: All
Reporter: 1983-01...@gmx.net
Hardware: All
Status: NEW
Version: 6.0.35
Component: Connectors
Product: Tomcat 6

The SSLProtocol parameter does not allow the combination of SSLv3+TLSv1, which is actually highly preferred. The underlying libtcnative supports that (since 1.1.21: Support arbitrary protocol combinations of SSLv2, SSLv3 and TLSv1. (rjung)) though. APR supports that anyway.

Please add support to use both of them. I have created a patch to make that work. Documentation has to be adapted accordingly.

An sslscan on the Tomcat servers shows full support from APR and OpenSSL:

    $ sslscan <host>:18443 | grep Accepted
    Accepted SSLv3 256 bits DHE-RSA-AES256-SHA
    Accepted SSLv3 256 bits ADH-AES256-SHA
    Accepted SSLv3 256 bits AES256-SHA
    Accepted SSLv3 168 bits EDH-RSA-DES-CBC3-SHA
    Accepted SSLv3 168 bits ADH-DES-CBC3-SHA
    Accepted SSLv3 168 bits DES-CBC3-SHA
    Accepted SSLv3 128 bits DHE-RSA-AES128-SHA
    Accepted SSLv3 128 bits ADH-AES128-SHA
    Accepted SSLv3 128 bits AES128-SHA
    Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
    Accepted TLSv1 256 bits ADH-AES256-SHA
    Accepted TLSv1 256 bits AES256-SHA
    Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
    Accepted TLSv1 168 bits ADH-DES-CBC3-SHA
    Accepted TLSv1 168 bits DES-CBC3-SHA
    Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
    Accepted TLSv1 128 bits ADH-AES128-SHA
    Accepted TLSv1 128 bits AES128-SHA
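An added example, not part of the original report and not Tomcat or sslscan code: a Python check that parses `sslscan ... | grep Accepted` output in the format quoted above, compares the accepted protocols with the set the connector is meant to offer, and lists any anonymous (ADH) suites. The function names and the sample input are constructed for illustration, and the line format is assumed to match the one shown in the report.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the "Accepted" lines quoted in the report.
SAMPLE = """\
Accepted SSLv3 256 bits DHE-RSA-AES256-SHA
Accepted SSLv3 256 bits ADH-AES256-SHA
Accepted SSLv3 128 bits AES128-SHA
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits ADH-AES256-SHA
Accepted TLSv1 128 bits AES128-SHA
"""

# "Accepted <protocol> <n> bits <cipher>"; trailing columns are ignored.
LINE = re.compile(r"^\s*Accepted\s+(\S+)\s+(\d+)\s+bits\s+(\S+)")

# OpenSSL cipher names with these prefixes use anonymous key exchange,
# i.e. the server is not authenticated by a certificate.
ANON_PREFIXES = ("ADH-", "AECDH-")


def parse_accepted(text):
    """Return {protocol: {cipher: key_bits}} for every 'Accepted' line."""
    result = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            result[m.group(1)][m.group(3)] = int(m.group(2))
    return dict(result)


def check_protocols(text, expected):
    """Compare what the scan saw with the protocols the connector should offer."""
    accepted = parse_accepted(text)
    seen, expected = set(accepted), set(expected)
    anonymous = {c for suites in accepted.values()
                 for c in suites if c.startswith(ANON_PREFIXES)}
    return {
        "missing": sorted(expected - seen),      # configured but not accepted
        "unexpected": sorted(seen - expected),   # accepted but not configured
        "anonymous": sorted(anonymous),          # suites without server auth
        "counts": {p: len(s) for p, s in sorted(accepted.items())},
    }


if __name__ == "__main__":
    print(check_protocols(SAMPLE, {"SSLv3", "TLSv1"}))
```

Feed it the real scan output instead of `SAMPLE` to confirm that a connector's SSLProtocol setting results in exactly the intended protocols being accepted.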