tomcat-users mailing list archives

From Brijesh Deo <b...@SonicWALL.com>
Subject RE: How to allow only TLS 1.1 connections to Tomcat (6.0) server with https ?
Date Wed, 06 Mar 2013 04:37:31 GMT
-----Original Message-----
From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com] 
Sent: 06 March 2013 03:58
To: Tomcat Users List
Subject: Re: How to allow only TLS 1.1 connections to Tomcat (6.0) server with https ?

2013/3/5 Brijesh Deo <bdeo@sonicwall.com>:
> Hi,
> Is there a way to make TLS 1.1 required for https connection with Tomcat server. I am
> currently on Tomcat 6.0.32 with JRE 1.7 on Windows 7. I tried setting [sslProtocol="TLSv1.1"]
> in the Connector definition in server.xml but that did not stop TLS 1.0 connections from being
> accepted. I am not using OpenSSL and instead using JSSE as the TLS provider.
> Is it possible to do it this way? Or do I need to upgrade to Tomcat 7.0 to be able to
> allow only TLS 1.1 connections with https? Please let me know how to do this.


1. If you are brave enough to use Java 7, I would recommend using
Tomcat 7.0 with it.
There were a number of fixes in Tomcat connectors to allow use of Java
7, e.g. in 6.0.34.

2. If TLS 1.1 uses different ciphers, maybe you can configure the
list of ciphers to be limited to those ones. (I have not tried, just
an idea).

3. Beware of issue 54406.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54406

Best regards,
Konstantin Kolinko


Thanks Konstantin. I am using Java 7 with Tomcat 6.0.32.

-Brijesh
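
The behaviour reported in the question can be checked against the JRE directly, outside Tomcat. The following Java program is an added example, not code from the thread or from Tomcat; it assumes the connector's sslProtocol value is used as the JSSE SSLContext name, and the class and method names are made up for illustration. The JSSE standard names document that a context requested as TLSv1.1 "may support other versions", so the program lists what is enabled by default and then narrows the engine explicitly.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class TlsProtocolCheck {

    // Build a server-side engine from a context requested by name, the way
    // the connector's sslProtocol value is assumed to be used.
    static SSLEngine serverEngine(String contextName) throws Exception {
        SSLContext ctx = SSLContext.getInstance(contextName);
        ctx.init(null, null, null);   // JRE default key and trust managers
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        return engine;
    }

    // Narrow the engine to exactly the listed versions. setEnabledProtocols
    // throws IllegalArgumentException if the JRE does not support one of them.
    static String[] restrictTo(SSLEngine engine, String... versions) {
        engine.setEnabledProtocols(versions);
        return engine.getEnabledProtocols();
    }

    public static void main(String[] args) throws Exception {
        String name = args.length > 0 ? args[0] : "TLSv1.1";
        SSLEngine engine = serverEngine(name);

        System.out.println("context name     : " + name);
        System.out.println("supported by JRE : "
                + Arrays.toString(engine.getSupportedProtocols()));
        System.out.println("enabled (default): "
                + Arrays.toString(engine.getEnabledProtocols()));

        // The check that matters for the question: is TLS 1.0 still on?
        boolean tls10 = Arrays.asList(engine.getEnabledProtocols()).contains("TLSv1");
        System.out.println("TLSv1 enabled by default: " + tls10);

        System.out.println("after restriction: "
                + Arrays.toString(restrictTo(engine, "TLSv1.1")));
    }
}
```

Run it with the same JRE that Tomcat uses, since the supported and default-enabled versions differ between Java releases.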
