0002792: jsse ssl protocols

Viewing Issue Advanced Details [ Jump to Notes ]

[ View Simple ] [ Issue History ] [ Print ]

Category

Severity

Reproducibility

Date Submitted

Last Update

0002792

[Resin]

minor

always

07-16-08 11:44

07-28-08 19:22

Reporter

ferg

View Status

public

Assigned To

ferg

Priority

urgent

Resolution

fixed

Platform

Status

closed

Projection

none

OS Version

ETA

none

Fixed in Version

3.2.0

Product Version

3.1.6

Product Build

Summary

0002792: jsse ssl protocols

Description

(rep by Maithili Deshpande)

We are on windows XP and are working on upgrading to jdk 1.6 and resin 3.1.6. We are using jsse-ssl. As part of this upgrade we would like to disable SSLv2 and use SSLv3. From going thru' the documentation on the caucho site, it looks like the default is that all the protocols (sslv2, sslv3, TLsv1) are enabled.

I'm not finding any clear documentation/syntax on how to turn off SSLv2. I found something that says > to enable all except SSLv2, use:

SSLProtocol all -SSLv2

and

sslv2
Enables or disables SSL v2 for a SSL port. If sslv2 is false, clients trying to use SSL v2 will fail.
Default: true.

But how do I configure this in my resin.conf file? Our resin.conf file is attached. Any help would be appreciated.

Steps To Reproduce

Additional Information

Attached Files

Relationships

Notes
(0003286) ferg 07-28-08 19:22	server/0622

Issue History
Date Modified	Username	Field	Change
07-16-08 11:44	ferg	New Issue
07-28-08 19:22	ferg	Note Added: 0003286
07-28-08 19:22	ferg	Assigned To	=> ferg
07-28-08 19:22	ferg	Status	new => closed
07-28-08 19:22	ferg	Resolution	open => fixed
07-28-08 19:22	ferg	Fixed in Version	=> 3.2.0
01-05-09 13:14	jhefer	Issue Monitored: jhefer
01-05-09 13:14	jhefer	Issue End Monitor: jhefer
03-22-10 19:35	ssexton	Issue Monitored: ssexton

Mantis 1.0.0rc3[^]

33 total queries executed.
27 unique queries executed.