Solved

Disable SSLV2 in Tomcat

Posted on 2009-06-29
8
1,389 Views
Last Modified: 2012-05-07
I need to verify that SSLV2 is not enabled on our Tomcat web server. It is being hosted on a windows 2003 server.
0
Comment
Question by:heco
  • 6
  • 2
8 Comments
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24741528
Hi

I found this on

http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_22837110.html

Create a DWORD value in the following key named Enabled.  Set it to 0 (zero).  Reboot.


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
0
 

Author Comment

by:heco
ID: 24741573
Thanks for the response. This appears to be for IIS, I need to know how to do it in Tomcat.
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24741627
Hi,  

the registry fix may simply disable SSLV2 on Win2k3

the registry key does not point to IIS Subkeys
0
 

Author Comment

by:heco
ID: 24741634
Thanks, I will give it a shot and let you know!
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 9

Accepted Solution

by:
jfer0x01 earned 500 total points
ID: 24741638
Hi,

according to

http://blog.techstacks.com/2008/09/securing-ssl-in-tomcat-part-one-sslv2.html

the author states that SSLv2 is disabled in newer versions of tomcat

and show a method with cURL to prove it
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24756023
any luck?
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24817546
any progress?
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24891049
Hi,

please award points or close question

Jfer
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now