The APR supports only SSLv2, SSLv3 and TLSv1.0. The default value is set to SSLv3+TLSv1. The protocol SSLv2 is unsafe. See more: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native