Solved

Disable SSLV2 in Tomcat

Posted on 2009-06-29
8
1,396 Views
Last Modified: 2012-05-07
I need to verify that SSLV2 is not enabled on our Tomcat web server. It is being hosted on a windows 2003 server.
0
Comment
Question by:heco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
8 Comments
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24741528
Hi

I found this on

http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_22837110.html

Create a DWORD value in the following key named Enabled.  Set it to 0 (zero).  Reboot.


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
0
 

Author Comment

by:heco
ID: 24741573
Thanks for the response. This appears to be for IIS, I need to know how to do it in Tomcat.
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24741627
Hi,  

the registry fix may simply disable SSLV2 on Win2k3

the registry key does not point to IIS Subkeys
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 

Author Comment

by:heco
ID: 24741634
Thanks, I will give it a shot and let you know!
0
 
LVL 9

Accepted Solution

by:
jfer0x01 earned 500 total points
ID: 24741638
Hi,

according to

http://blog.techstacks.com/2008/09/securing-ssl-in-tomcat-part-one-sslv2.html

the author states that SSLv2 is disabled in newer versions of tomcat

and show a method with cURL to prove it
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24756023
any luck?
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24817546
any progress?
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24891049
Hi,

please award points or close question

Jfer
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Obtaining a computer ssl certificate from AD PKI using the command line 2 79
EDI Solution or comparable? 2 61
ssl mixed content reported 1 22
Dell SonicWall Connection 18 60
We've all had that page pop up telling us there is a problem with the certificate and some of us continue on anyways and others run away to a safer competing site.  But what to do when you get the error - is it your problem or theirs?  What can you …
Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question