The SSLProtocol parameter does not allow the combination of SSLv3+TLSv1, which is actually highly preferred. The underlying libtcnative supports that (since 1.1.21: Support arbitrary protocol combinations of SSLv2, SSLv3 and TLSv1. (rjung)) though. APR supports that anyway.

Please add support to use both of them. I have created a patch to make that work. Documentation has to be adapted accordingly.

An sslscan on the Tomcat servers shows full support from APR and OpenSSL:

$ sslscan <host>:18443 | grep Accepted
Accepted SSLv3 256 bits DHE-RSA-AES256-SHA
Accepted SSLv3 256 bits ADH-AES256-SHA
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 168 bits EDH-RSA-DES-CBC3-SHA
Accepted SSLv3 168 bits ADH-DES-CBC3-SHA
Accepted SSLv3 168 bits DES-CBC3-SHA
Accepted SSLv3 128 bits DHE-RSA-AES128-SHA
Accepted SSLv3 128 bits ADH-AES128-SHA
Accepted SSLv3 128 bits AES128-SHA
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits ADH-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 168 bits ADH-DES-CBC3-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits ADH-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
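Added example, not part of the original report or of Tomcat's code: a small Python check that parses sslscan "Accepted" lines like those quoted above and compares the protocols a connector actually accepts with a "+"-separated SSLProtocol value. The function names are hypothetical, the sample is a shortened excerpt of the report's output plus one constructed "Rejected" line, and protocol names are assumed to match case-sensitively.

```python
import re
from collections import defaultdict

# Matches sslscan result lines such as:
#   Accepted  SSLv3  256 bits  DHE-RSA-AES256-SHA
LINE_RE = re.compile(r"^\s*Accepted\s+(\S+)\s+(\d+)\s+bits\s+(\S+)\s*$")


def accepted_by_protocol(scan_output):
    """Group accepted (key bits, cipher suite) pairs by protocol name."""
    result = defaultdict(list)
    for line in scan_output.splitlines():
        m = LINE_RE.match(line)
        if m:  # anything that is not an "Accepted" line is skipped
            proto, bits, cipher = m.groups()
            result[proto].append((int(bits), cipher))
    return dict(result)


def compare_with_config(scan_output, ssl_protocol):
    """Compare scanned protocols with a '+'-separated SSLProtocol value.

    Returns (missing, unexpected): protocols configured but not accepted
    by the server, and protocols accepted although not configured.
    """
    configured = {p.strip() for p in ssl_protocol.split("+") if p.strip()}
    seen = set(accepted_by_protocol(scan_output))
    return sorted(configured - seen), sorted(seen - configured)


# Sample input: shortened excerpt of the scan output quoted in the report.
# The "Rejected" line is constructed to show that such lines are ignored.
SAMPLE = """\
Accepted  SSLv3  256 bits  DHE-RSA-AES256-SHA
Accepted  SSLv3  128 bits  AES128-SHA
Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
Accepted  TLSv1  168 bits  DES-CBC3-SHA
Rejected  TLSv1  56 bits   DES-CBC-SHA
"""

if __name__ == "__main__":
    for proto, suites in accepted_by_protocol(SAMPLE).items():
        print(proto, suites)
    missing, unexpected = compare_with_config(SAMPLE, "SSLv3+TLSv1")
    print("missing:", missing, "unexpected:", unexpected)
```

Feeding it the saved output of a scan and the connector's configured value gives a quick regression check after changing SSLProtocol: both returned lists should be empty.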
Created attachment 28870
Patched AprEndpoint with SSLv3+TLSv1 parallel support
This feature has already been implemented (will be in 6.0.36).

Hint: links to changelog pages are gathered on this page: http://tomcat.apache.org/bugreport.html#Changelog

*** This bug has been marked as a duplicate of bug 51477 ***