+1 stable << for me
However, and I don't know if this is a game changer, I am having a problem
when implementing SSL using the NIOConnector, althought the problem does
not look like a Tomcat source problem. I did verify that disabling SSLv3
does indeed prevent a client from connecting to the server with SSLv3
protocol, however, when setting it to SSLv2 I am receiving an Illegal Arg
exception... Looks like this would be on the Java side, should I log it?
SSLv2 is a valid option according to the Java documnetation.
Nov 17, 2014 2:19:35 PM org.apache.tomcat.util.net.NioEndpoint
setSocketOptions
SEVERE:
java.lang.IllegalArgumentException: SSLv2
at
sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:164)
Based on this though I think I should log the error with Oracle? I was
using JDK 7, and I based "SSLv2" being valid from the protocol list here:
https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames
-Andrew
Full Exception:
Nov 17, 2014 2:20:42 PM org.apache.tomcat.util.net.NioEndpoint
setSocketOptions
SEVERE:
java.lang.IllegalArgumentException: SSLv2
at
sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:164)
at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
at
sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2023)
at
org.apache.tomcat.util.net.NioEndpoint.createSSLEngine(NioEndpoint.java:1144)
at
org.apache.tomcat.util.net.NioEndpoint.setSocketOptions(NioEndpoint.java:1097)
at
org.apache.tomcat.util.net.NioEndpoint$Acceptor.run(NioEndpoint.java:1322)
at java.lang.Thread.run(Thread.java:745)
Nov 17, 2014 2:20:42 PM org.apache.tomcat.util.net.NioEndpoint
setSocketOptions
SEVERE:
java.lang.IllegalArgumentException: SSLv2
On Mon, Nov 17, 2014 at 5:39 AM, Violeta Georgieva <miles...@gmail.com>
wrote:
> +1 stable
>
> Regards,
> Violeta
>
> На петък, 14 ноември 2014 г. Mark Thomas <ma...@apache.org> написа:
>
> > The proposed Apache Tomcat 6.0.43 release is now available for voting.
> >
> > The key changes since 6.0.41 are:
> >
> > - Disable SSLv3 by default in light of the recently announced POODLE
> > vulnerability. (CVE-2014-3566)
> >
> > - Update to Tomcat Native Library version 1.1.32 to pick up the Windows
> > binaries that are based on OpenSSL 1.0.1j and APR 1.5.1.
> >
> > - Various fixes to EL parsing when EL is used in a JSP.
> >
> >
> > It can be obtained from:
> > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-6/v6.0.43/
> >
> > The Maven staging repo is:
> > https://repository.apache.org/content/repositories/orgapachetomcat-1027/
> > The svn tag is:
> > http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_43/
> >
> > The proposed 6.0.43 release is:
> > [ ] Broken - do not release
> > [ ] Stable - go ahead and release as 6.0.43 Stable
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org <javascript:;>
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> <javascript:;>
> >
> >
>
--
With Regards,
Andrew Carr
e. andrewlanec...@gmail.com
w. andrew.c...@openlogic.com
h. 4235255668
c. 4239489852
a. 101 Francis Drive, Greeneville, TN, 37743
