Re: TLS+SSLv3 but no SSLv2

2010-01-25 Thread Christopher Schultz
Jens, On 1/25/2010 8:16 AM, Jens Neu wrote: > Chris, > > thanks for all your help, everything is up and running. I settled for > > 'ALL:!EXP:!LOW:!SSLv2' > > which is exactly what I need. > >> You should take a look at this guy's tool, here: >> htt

Re: TLS+SSLv3 but no SSLv2

2010-01-25 Thread Jens Neu
y the script (not the page) seems to be 404 :( regards from Berlin Jens Health Services Network Administration Phone: +49 (0) 30 68905-2412 Mail: jens@biotronik.de Christopher Schultz 01/22/2010 07:47 PM Please respond to "Tomcat Users List" To Tomcat Users List cc Sub

Re: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Christopher Schultz
Jens, On 1/22/2010 12:51 PM, Jens Neu wrote: > Christopher, > > maybe that was a bit premature, running with > SSLCipher="-ALL:+HIGH:+MEDIUM:!SSLv2": > > openssl s_client -ssl2 -connect server:8443 > CONNECTED(0003) > --- > SSL handshake has re

Re: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Jens Neu
Christopher, maybe that was a bit premature, running with SSLCipher="-ALL:+HIGH:+MEDIUM:!SSLv2": openssl s_client -ssl2 -connect server:8443 CONNECTED(0003) ... --- Ciphers common between both SSL endpoints: RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5 EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-C

Re: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Jens Neu
:) Jens Health Services Network Administration Phone: +49 (0) 30 68905-2412 Mail: jens@biotronik.de Christopher Schultz 01/22/2010 06:36 PM Please respond to "Tomcat Users List" To Tomcat Users List cc Subject Re: TLS+SSLv3 but no SSLv2 -BEGIN PGP SIGNED MESSAGE- H

Re: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Christopher Schultz
Jens, On 1/22/2010 12:30 PM, Jens Neu wrote: > Christopher, > > my "Problem" is that I have a requirement that SSLv2 shall be forbidden, > but not SSLv3 and TLS. On top, also forbidden are ciphers <=128bit. I was > hoping to tackle this with > >

Re: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Jens Neu
Jens Neu Health Services Network Administration Phone: +49 (0) 30 68905-2412 Mail: jens@biotronik.de Christopher Schultz 01/22/2010 06:05 PM Please respond to "Tomcat Users List" To Tomcat Users List cc Subject Re: TLS+SSLv3 but no SSLv2 -BEGIN PGP SIGNED MESSAGE

Re: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Christopher Schultz
Jens, On 1/22/2010 11:10 AM, Jens Neu wrote: > on http://tomcat.apache.org/tomcat-6.0-doc/apr.html I read for the > SSLProtocol: > > "Protocol which may be used for communicating with clients. The default is > "all", with other acceptable values be

RE: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Jens Neu
Administration Phone: +49 (0) 30 68905-2412 Mail: jens@biotronik.de "Caldarale, Charles R" 01/22/2010 05:42 PM Please respond to "Tomcat Users List" To Tomcat Users List cc Subject RE: TLS+SSLv3 but no SSLv2 > From: Jens Neu [mailto:jens@biotronik.com]

RE: TLS+SSLv3 but no SSLv2

2010-01-22 Thread Caldarale, Charles R
> From: Jens Neu [mailto:jens@biotronik.com] > Subject: TLS+SSLv3 but no SSLv2 > > Does this really mean that I can not allow a "TLSv1+SSLv3" setting > while forbidding SSLv2? I was under the impression that specifying TLSv1 would include SSLv3, since there are

TLS+SSLv3 but no SSLv2

2010-01-22 Thread Jens Neu
Dear all, on http://tomcat.apache.org/tomcat-6.0-doc/apr.html I read for the SSLProtocol: "Protocol which may be used for communicating with clients. The default is "all", with other acceptable values being "SSLv2", "SSLv3", "TLSv1", and "SSLv2+SSLv3"." Does this really mean that I can not al