SSLv3 seems to be not disabled even after tomcat 6 server xml changes TLSv1

Asked Apr 22 '16 at 06:37

Active Apr 22 '16 at 08:45

Viewed 555 times

Even after setting in server.xml as sslProtocol="TLSv1" when we do vulnerability check, the below are the details of output..

# /usr/sfw/bin/

> openssl s_client -connect ipaddress:portNo -ssl3

CONNECTED(00000003)

verify error:num=19:self signed certificate in certificate chain

verify return:0
---
Certificate chain
---
Server certificate
printed even the certificate
---
No client certificate CA names sent
---
SSL handshake has read 3040 bytes and written 442 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES128-SHA
    Session-ID: 5719C37963ED3152FBE0543342EF2327303E66D3B8E32F020729D105A669AB04
    Session-ID-ctx:
    Master-Key: 3A31836C1C6DD8550B76051F8890073B7571B3C4DFC5F88B60D8FD2A3EA38BC00D845E16D6A9E134EF9B5BD79DD68B6F
    Key-Arg   : None
    Start Time: 1461306233
    Timeout   : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)

Can any one please advise how to fix it..?

edited Apr 22 '16 at 08:29

ALex_hha

7,415

asked Apr 22 '16 at 06:37

Vijay

SSLv3 seems to be not disabled even after tomcat 6 server xml changes TLSv1

0 Answers0