Solved

Disable SSLV2 in Tomcat

Posted on 2009-06-29
8
1,400 Views
Last Modified: 2012-05-07
I need to verify that SSLV2 is not enabled on our Tomcat web server. It is being hosted on a windows 2003 server.
0
Comment
Question by:heco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
8 Comments
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24741528
Hi

I found this on

http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_22837110.html

Create a DWORD value in the following key named Enabled.  Set it to 0 (zero).  Reboot.


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
0
 

Author Comment

by:heco
ID: 24741573
Thanks for the response. This appears to be for IIS, I need to know how to do it in Tomcat.
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24741627
Hi,  

the registry fix may simply disable SSLV2 on Win2k3

the registry key does not point to IIS Subkeys
0
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

 

Author Comment

by:heco
ID: 24741634
Thanks, I will give it a shot and let you know!
0
 
LVL 9

Accepted Solution

by:
jfer0x01 earned 500 total points
ID: 24741638
Hi,

according to

http://blog.techstacks.com/2008/09/securing-ssl-in-tomcat-part-one-sslv2.html

the author states that SSLv2 is disabled in newer versions of tomcat

and show a method with cURL to prove it
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24756023
any luck?
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24817546
any progress?
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24891049
Hi,

please award points or close question

Jfer
0

Featured Post

IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question