What is the best value for SSLProtocol parameter in Tomcat APR config?
Docs says: “Protocol which may be used for communicating with clients. The default is “all”, with other acceptable values being “SSLv2”, “SSLv3”, “TLSv1”, and “SSLv2+SSLv3″.”
At first I’ve made a mistake and actually had SSL2 enabled which caused problems to many clients like “SSL2 not supported, you must switch to TLS”.
So I changed that to “TLSv1” and it was OK till I’ve got some problems with remote http requests.
Finally I changed the value to “all” (default). Is it correct? Or SSL2 must be disabled?
Thanks in advance!
The default in the Sun JRE is to use SSLv2 for the initial handshake, and then “upgrade” to either SSLv3, or TLSv1. Unless you have good reason not to, I would stick with the default.