https://issues.apache.org/bugzilla/show_bug.cgi?id=57238
Bug ID: 57238
Summary: Updated SSL/TLS information for Tomcat 8/9
Product: Tomcat 8
Version: trunk
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
Assignee: dev@tomcat.apache.org
Reporter: g...@organicdesign.org
Created attachment 32218
--> https://issues.apache.org/bugzilla/attachment.cgi?id=32218&action=edit
A documentation diff made using git-svn diff.
ssl-howto.html: Added TLS to the title and updated to say SSL/TLS in a few
places and to acknowledge that SSL is obsolete since the POODLE attack this
year, and that Transport Layer Security (TLS) has replaced it. Didn't go crazy
because all the Tomcat settings are still called sslWhatever. Linked to the
security-howto.html document.
security-howto.html: Added that the ciphers attribute supports OpenSSL syntax,
plus an example attribute-value that works well today. Also added a paragraph
on sslEnabledProtocols since this is the only way I know to make standalone
Tomcat POODLE-proof.
I may have made these changes to the Tomcat 9 docs by accident, but they apply
equally well to 8 or 9 AFAIK, so maybe someone could merge them appropriately?
Christopher Schultz suggested on the Tomcat Users list 2011-11-13 that I try
submitting a documentation patch here as an attachment. This is my first
Tomcat Documentation Patch ever.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
