Author: markt Date: Fri Oct 17 14:30:06 2014 New Revision: 1632586 URL: http://svn.apache.org/r1632586 Log: Disable SSLv3 by default for APR/native
Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/tomcat/jni/SSL.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml tomcat/tc7.0.x/trunk/webapps/docs/config/http.xml Propchange: tomcat/tc7.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1632584
Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/jni/SSL.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/jni/SSL.java?rev=1632586&r1=1632585&r2=1632586&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/jni/SSL.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/jni/SSL.java Fri Oct 17 14:30:06 2014
@@ -72,7 +72,7 @@ public final class SSL {
 public static final int SSL_PROTOCOL_SSLV2 = (1<<0);
 public static final int SSL_PROTOCOL_SSLV3 = (1<<1);
 public static final int SSL_PROTOCOL_TLSV1 = (1<<2);
- public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
+ public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1);
 /*
 * Define the SSL verify levels
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1632586&r1=1632585&r2=1632586&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Oct 17 14:30:06 2014
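Review bot: `SSL_PROTOCOL_ALL` on the added line no longer covers every protocol bit the class defines, and nothing at the constant says that leaving out SSLv2 and SSLv3 is deliberate; I would add `// Default protocol set, not every protocol: SSLv2 and SSLv3 are intentionally excluded as unsafe` directly above it so a later edit does not "restore" the missing bits. Because this is a `public static final int` compile-time constant, code compiled against the previous class keeps the old inlined value (SSLv3|TLSv1) until it is rebuilt, so any out-of-tree caller that passes `SSL.SSL_PROTOCOL_ALL` needs a recompile to pick up the safer default. Only the default changes here: going by the http.xml text in the same commit, `SSLv3` remains an accepted explicit value for `SSLProtocol`, so existing connector configurations that name it should be audited separately. The class body continues outside the hunk, so whether other callers depend on the old meaning of "all" cannot be checked from here.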
@@ -81,6 +81,9 @@ The change also ensures that SSLv2 is disabled for these connectors although SSLv2 should already be disabled by default by the JRE. (markt)
 </add>
+ <add>
+ Disable SSLv3 by default for the APT/native HTTPS connector. (markt)
+ </add>
 </changelog>
 </subsection>
 <subsection name="Jasper">
Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/http.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/http.xml?rev=1632586&r1=1632585&r2=1632586&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/config/http.xml Fri Oct 17 14:30:06 2014
@@ -1243,11 +1243,11 @@ <attribute name="SSLProtocol" required="false">
 <p>Protocol which may be used for communicating with clients. The default
- value is <code>all</code>, which is equivalent to <code>SSLv3+TLSv1</code>
+ value is <code>all</code>, which is equivalent to <code>TLSv1</code>
 with other acceptable values being <code>SSLv2</code>, <code>SSLv3</code>, <code>TLSv1</code> and any combination of the three
- protocols concatenated with a plus sign. Note that the protocol
- <code>SSLv2</code> is inherently unsafe.</p>
+ protocols concatenated with a plus sign. Note that the protocols
+ <code>SSLv2</code> and <code>SSLv3</code> are inherently unsafe.</p>
 </attribute>
 <attribute name="SSLVerifyClient" required="false">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org