1

In Solaris, after I modified my server.xml <Connector> tag with sslProtocols="TLSv1,TLSv1.1,TLSv1.2", the command to check if SSLv3 is supported responds as below:

$ /usr/sfw/bin/openssl s_client -connect IPADDRESS:PORT -ssl3

CONNECTED(00000003) 8272:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:../../../../common/openssl/ssl/s3_pkt.c:286:

$ /usr/sfw/bin/openssl version -a

OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2008-7270 CVE-2009-0590 CVE-2009-3555 CVE-2010-4180)

Can anyone please explain what that error means?

Christopher Schultz
  • 20,221
  • 9
  • 60
  • 77
Vijay
  • 1,026
  • 3
  • 11
  • 28
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Information Security Stack Exchange](http://security.stackexchange.com/) would be a better place to ask. Also [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306). – jww Apr 21 '16 at 23:42

2 Answers2

0

The error is telling you that SSLv3 isn't enabled on the server, and the handshake can't be completed. So, it's telling you that you have correctly configured your server to disable SSLv3.

SSLv3 is, in fact, completely disabled with the configuration you have above.

Christopher Schultz
  • 20,221
  • 9
  • 60
  • 77
0

this ssl error because of unsupported version in place for attribute sslProtocol. Yesterday while debugging for this error, i have removed the TLSv1.1, 1.2 and checked for sslv3 check, there was no error as like.

Since the intention of disabling SSLv3 still not solved, the below details found just now conveying Tomcat6 does have support only for TLSv1

https://serverfault.com/questions/637649/how-do-i-disable-sslv3-support-in-apache-tomcat/637666#637666

Thanks for the attention.

Community
  • 1
  • 1
Vijay
  • 1,026
  • 3
  • 11
  • 28