users@grizzly.java.net

Re: Disabling sslv3 and tlsv1

From: Gautam Naha <naha.gautam_at_gmail.com>
Date: Tue, 2 Dec 2014 13:00:08 -0800

Thanks to all.

It seems the browser doesn't have tls1.1 and tls1.2 enabled and hence it
was failing as those are the only ones enabled in the web server.

thanks
Gautam

On 2 December 2014 at 12:51, Oleksiy Stashok <oleksiy.stashok_at_oracle.com>
wrote:

> Hi,
>
> can you try a more recent Firefox? The one I have, 33.1, works fine; same for
> Safari.
>
> WBR,
> Alexey.
>
>
> On 02.12.14 10:15, Gautam Naha wrote:
>
>> Hi
>>
>> Could somebody let me know if there is anything else that needs to be
>> done on disabling sslv3 / tlsv1?
>>
>> I have used sslEngineConfigurator.setEnabledProtocols(new
>> String[]{"TLSv1.1","TLSv1.2"}) and tested OK with openssl to check if
>> sslv3 and tlsv1 were indeed disabled.
>>
>> But the issue is when browsers like Firefox try to access the webpage and
>> it throws a message like "Connection Interrupted" and cannot show the web
>> page. To my understanding the browser should be able to negotiate the
>> highest level of tls (i.e. tls1.1 and tls1.2) with the server and web page
>> should have been displayed. I do not want the user to change any setting in
>> browser as this should work automatically.
>>
>> The only browser that works OK is Chrome.
>>
>> Please can somebody advise if there is some other stuff that needs to be
>> done.
>> FYI, Firefox browser is ver 24.0.
>>
>> thanks
>> Gautam
>>
>
>