Disable SSL3 on tomcat4

I have a very old web application that uses tomcat4. Because of the POODLE vulnerability I need to disable SSL3 and disable a bunch of weak ciphers. My connector looks like this, but apparently according to www.ssllabs.com I still have SSL3 enabled. Can anybody tell me what's wrong? Any insight would be appreciated, thanks!

(edited so it appears on the page so there are some characters missing but the important attributes are there)

 Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true"
                SSLEnabled="true" sslProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA">

      Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS" />
    </Connector
    • Thanks Nathan. I added that cipher. Do you know why ssllabs.com still reports SSL3 is enabled when I'm only listing TLS protocols?
    • I'm working on this matter too, but so far it looks like a dead end... The closest thing I found was this, which states that you could avoid sslv2 from tomcat 4.1.32. I tried swapping the jar files, as a wild guess and hope, but it doesn't start nor do I get an exception. I noticed the setting of a org.apache.tomcat.util.net.SSLImplementation in the apache coyote connector, but I'm unsure that it's a path to go... Did you by any chance get a bit longer?
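
A local way to repeat the SSL Labs check from the question after each connector change, as an added example that is not part of the original thread: it sends a ClientHello that offers only SSL 3.0 and classifies the first record of the reply. The function names, the constructed sample replies and the choice of three RSA suites from the connector's cipher list are assumptions of this example.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"
# RSA suites taken from the connector's own cipher list:
# AES128-CBC-SHA, AES256-CBC-SHA, RC4-128-SHA.
SUITES = (0x002F, 0x0035, 0x0005)

def build_ssl3_client_hello(suites=SUITES):
    """Raw SSLv3 ClientHello record; version 3.0 is the only version offered."""
    ids = b"".join(struct.pack("!H", s) for s in suites)
    body = SSL3 + os.urandom(32) + b"\x00"            # version, random, empty session id
    body += struct.pack("!H", len(ids)) + ids + b"\x01\x00"  # suites, null compression
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_reply(data):
    """Classify the first record the server sent back."""
    if len(data) < 5:
        return "no-reply"                 # closed, reset, or nothing listening
    if data[0] == 0x15:
        return "rejected"                 # alert: protocol (or every offered suite) refused
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x02:
        # ServerHello: record header (5) + type (1) + length (3) + server_version (2)
        return "ssl3-accepted" if data[9:11] == SSL3 else "other-version"
    return "unknown"

def probe(host, port=443, timeout=5.0):
    """Send the hello to host:port and classify the answer."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_ssl3_client_hello())
            while len(data) < 11:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
    except OSError:
        pass                              # timeout or reset: classify what arrived
    return classify_reply(data)

# Constructed sample replies (not captured traffic).
SAMPLE_SERVER_HELLO = (b"\x16\x03\x00\x00\x2a\x02\x00\x00\x26\x03\x00"
                       + bytes(32) + b"\x00\x00\x05\x00")
SAMPLE_ALERT = b"\x15\x03\x01\x00\x02\x02\x28"   # fatal handshake_failure

if __name__ == "__main__":
    print(classify_reply(SAMPLE_SERVER_HELLO), classify_reply(SAMPLE_ALERT))
```

`probe("localhost", 443)` returning `"ssl3-accepted"` means the connector still negotiates SSL 3.0, whatever its protocol attributes say.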
