Monday 15 March 2010

security - POODLE config for Tomcat 7 blocks IE8 on XP




I have configured our Tomcat 7 (JDK 7) server to take TLS (1, 1.1 & 1.2) protocols, to address POODLE. I have also disabled DH cipher suites to accomplish PCI DSS compliance.

Unfortunately, this blocks requests from IE8 browsers (on XP). Has anyone got around this issue?

IE8 seems to support the following non-weak ciphers:

TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

However, JDK 7 does not.

Any help appreciated.

This was resolved on Tomcat 7 with the following config:

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
           acceptCount="100"
           keystoreFile="xxxxxxxxx" keystorePass="xxxxxxxxx"
           ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
                    TLS_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
                    TLS_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_RSA_WITH_AES_128_CBC_SHA,
                    TLS_RSA_WITH_AES_256_CBC_SHA256,
                    TLS_RSA_WITH_AES_256_CBC_SHA"/>

security tomcat ssl poodle-attack
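
An added example, not part of the original post and not Tomcat code: a small Python audit of a Connector element that reports the three things this configuration is concerned with, namely SSL-era protocol names, RC4 suites and non-EC DH suites. The sample connector is constructed (the post's config shortened, with SSLv3 and one DHE suite added), and the names audit_connector and split_list are chosen here.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a shortened form of the connector in the post, with SSLv3
# and one DHE suite added so that every check below has something to report.
SAMPLE = """<Connector port="443" SSLEnabled="true" scheme="https" secure="true"
  sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv3"
  ciphers="SSL_RSA_WITH_RC4_128_MD5, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
           TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
           TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"/>"""


def split_list(value):
    """Split a comma-separated attribute value, dropping blanks and whitespace."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def audit_connector(xml_text):
    """Return (item, finding) pairs for one Tomcat <Connector> element."""
    conn = ET.fromstring(xml_text)
    findings = []
    protocols = split_list(conn.get("sslEnabledProtocols"))
    if not protocols:
        findings.append(("sslEnabledProtocols", "unset, so the JVM defaults decide"))
    for proto in protocols:
        # Matches JSSE names such as SSLv3 and SSLv2Hello.
        if proto.upper().startswith("SSL"):
            findings.append((proto, "pre-TLS protocol name (SSLv3 is what POODLE targets)"))
    for suite in split_list(conn.get("ciphers")):
        key_exchange, _, bulk = suite.partition("_WITH_")
        kx = key_exchange.split("_", 1)[-1]  # drop the TLS_/SSL_ prefix
        if "RC4" in bulk:
            findings.append((suite, "RC4 (prohibited by RFC 7465)"))
        if kx.startswith(("DH_", "DHE_")):
            findings.append((suite, "DH key exchange (disabled in the post)"))
    return findings


if __name__ == "__main__":
    for item, finding in audit_connector(SAMPLE):
        print(f"{item}: {finding}")
```

Run against the connector as posted, this reports only the three RC4 suites, which are the ones kept so that IE8 on XP can still connect.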
