Thanks Konstantin On Tue, Nov 18, 2014 at 3:09 PM, Konstantin Kolinko <knst.koli...@gmail.com> wrote:
> 2014-11-17 22:26 GMT+03:00 Andrew Carr <andrewlanec...@gmail.com>: > > +1 stable << for me > > > > However, and I don't know if this is a game changer, I am having a > problem > > when implementing SSL using the NIOConnector, althought the problem does > > not look like a Tomcat source problem. I did verify that disabling > SSLv3 > > does indeed prevent a client from connecting to the server with SSLv3 > > protocol, however, when setting it to SSLv2 I am receiving an Illegal Arg > > exception... Looks like this would be on the Java side, should I log it? > > SSLv2 is a valid option according to the Java documnetation. > > > > Nov 17, 2014 2:19:35 PM org.apache.tomcat.util.net.NioEndpoint > > setSocketOptions > > SEVERE: > > java.lang.IllegalArgumentException: SSLv2 > > at > > sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:164) > > > > Based on this though I think I should log the error with Oracle? I was > > using JDK 7, and I based "SSLv2" being valid from the protocol list here: > > > https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames > > > > -Andrew > > > > > > Full Exception: > > Nov 17, 2014 2:20:42 PM org.apache.tomcat.util.net.NioEndpoint > > setSocketOptions > > SEVERE: > > java.lang.IllegalArgumentException: SSLv2 > > at > > sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:164) > > at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84) > > at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52) > > > I think that is just Sun/Oracle's way to remove support for SSLv2. > There is nothing that Tomcat devs can do about. > > That "standard names" page is just a general reference. Specific JRE > vendors may implement a subset/superset of it. > > E.g. if you follow "Note: The Sun Provider Documentation contains > specific provider and algorithm information." link at the top of the > page, you come here: > > https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html > > and there is no SSLv2 on that second page. > > Best regards, > Konstantin Kolinko > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > > -- With Regards, Andrew Carr e. andrewlanec...@gmail.com w. andrew.c...@openlogic.com h. 4235255668 c. 4239489852 a. 101 Francis Drive, Greeneville, TN, 37743
