tomcat-users mailing list archives

From Ognjen Blagojevic <>
Subject Re: How to allow only TLS 1.1 connections to Tomcat (6.0) server with https ?
Date Tue, 05 Mar 2013 14:29:39 GMT

On 5.3.2013 11:47, Brijesh Deo wrote:
> Thanks Ognjen. I tried with -Dhttps.protocols="TLSv1.1" in Tomcat startup but even this
> doesn’t work with Tomcat 6.0. Looks like upgrading to Tomcat 7.0 seems to be the only way
> to achieve this easily through configuration in server.xml.

That was strange, so I started looking where Tomcat 6.0.32 sets enabled 
protocols. Here it is (, lines 789-791):

   String requestedProtocols = (String) attributes.get("protocols");
   setEnabledProtocols(socket, getEnabledProtocols(socket,
                                                   requestedProtocols));

It seems that Tomcat 6.0.32 (and probably other 6.0.xx versions) use an 
undocumented attribute, "protocols", for the HTTPS connector. So in Tomcat 7 
you might use:

   sslProtocol="TLSv1.1" sslEnabledProtocols="TLSv1.1"

and in Tomcat 6.0.32:

   sslProtocol="TLSv1.1" protocols="TLSv1.1"

It works for me.
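
Added example, not part of the original message or of Tomcat: a small audit of `server.xml` that reports, per HTTPS connector, whether the protocol restriction is set in the attribute the running version reads. It assumes, as the message states, that Tomcat 6.0.32 reads `protocols` and Tomcat 7 reads `sslEnabledProtocols`; the function name, the sample XML and the ports are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute that restricts the enabled protocols, per the message above
# (assumption taken from the page: 6.0.32 -> "protocols", 7 -> "sslEnabledProtocols").
ENABLED_ATTR = {6: "protocols", 7: "sslEnabledProtocols"}

# Constructed sample: one plain HTTP connector and two HTTPS connectors.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLSv1.1" sslEnabledProtocols="TLSv1.1"/>
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLSv1.1" protocols="TLSv1.1,SSLv3"/>
</Service></Server>"""

def audit_connectors(server_xml, tomcat_major, allowed=("TLSv1.1",)):
    """Return [(port, finding)] for every HTTPS connector in server_xml."""
    attr = ENABLED_ATTR[tomcat_major]
    others = [a for a in ENABLED_ATTR.values() if a != attr]
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector, nothing to check
        port = conn.get("port", "?")
        value = conn.get(attr)
        if value is None:
            # The restriction may have been written for the other version.
            wrong = [a for a in others if conn.get(a) is not None]
            if wrong:
                msg = "%s is set but this version reads %s" % (wrong[0], attr)
            else:
                msg = "%s not set; JSSE defaults apply" % attr
            findings.append((port, msg))
            continue
        enabled = [p.strip() for p in value.split(",") if p.strip()]
        extra = [p for p in enabled if p not in allowed]
        if extra:
            findings.append((port, "unexpected protocols enabled: " + ",".join(extra)))
        else:
            findings.append((port, "ok: " + ",".join(enabled)))
    return findings

if __name__ == "__main__":
    for major in (6, 7):
        for port, finding in audit_connectors(SAMPLE, major):
            print("Tomcat %d, port %s: %s" % (major, port, finding))
```

A finding of "ok" only says the configuration asks for the restriction; connecting to the port with a client limited to one protocol version confirms what the server actually accepts.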

