sslv3

I have a web application running on Jetty 6 + Open JDK 7 on Debian 6.0.7. I have a security requirement to accept a TLS handshake but not an SSLv3.0 handshake when a client initiates an HTTPS connection. In my jetty.xml I set the protocol to TLS: <New class="org.mortbay.jetty.security.SslSocketConnector"> <Set name="protocol">TLS</Set> ... With this configuration, the web server still appears to accept an SSLv3.0 handshake. This has been verified with the 'sslscan' tool and running 'curl -sslv3 -kv {host}'. Is it possible to configure Jetty to only accept a TLS handshake? I would be willing to

I'm trying to send emails from an Outlook account in my iOS application. I'm using Mailcore2 and Outlook's Live-SDK. I am able to receive emails, but get an error when I try to send emails: "a stable connection to the server could not be established". To investigate the issue, I went into the terminal and tried to connect via SSL: openssl s_client -crlf -connect smtp-mail.outlook.com:587 The response I got back was: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/SourceCache/OpenSSL098/OpenSSL098-50/src/ssl/s23_clnt.c:607 I don't know exactly what this error means, after a

Since 3 days I can't connect to the paypal sandbox. I found out that they maybe dissabled the support for SSLv3. So i tried to change the SSL Version in my curl Request by setting : curl_setopt($curl, CURLOPT_SSLVERSION,1); # 1 = TLSv1 But it still give me the same error : error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure Any idea why the script is still using SSLv3 ? I am using php 5.5 and the following curl version ( currently asking at my hoster [ managed hosting at 1&1 ] to upgrade to a newer version) curl 7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9