tomcat-users mailing list archives

From Brijesh Deo <b...@SonicWALL.com>
Subject Re: How to allow only TLS 1.1 connections to Tomcat (6.0) server with https ?
Date Tue, 05 Mar 2013 15:02:23 GMT
Thanks a lot Ognjen for looking into this so extensively. I think I had tried this combination
- sslProtocol="SSL" and protocols="TLSv1.1". I will try again with both being "TLSv1.1" and
then I think it would work.

Thanks again,
Brijesh


Sent from Samsung Mobile



-------- Original message --------
From: Ognjen Blagojevic <ognjen.d.blagojevic@gmail.com>
Date: 05/03/2013 20:00 (GMT+05:30)
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: How to allow only TLS 1.1 connections to Tomcat (6.0) server with https ?


Brijesh,

On 5.3.2013 11:47, Brijesh Deo wrote:
> Thanks Ognjen. I tried with -Dhttps.protocols="TLSv1.1" in Tomcat startup but even this
> doesn't work with Tomcat 6.0. Looks like upgrading to Tomcat 7.0 seems to be the only way
> to achieve this easily through configuration in server.xml.

That was strange, so I started looking where Tomcat 6.0.32 sets enabled
protocols. Here it is (JSSESocketFactory.java, lines 789-791):

   String requestedProtocols = (String) attributes.get("protocols");
   setEnabledProtocols(socket, getEnabledProtocols(socket,
       requestedProtocols));

It seems that Tomcat 6.0.32 (and probably other 6.0.xx versions) uses an
undocumented attribute for the HTTPS connector, "protocols". So in Tomcat 7
you might use:

   sslProtocol="TLSv1.1" sslEnabledProtocols="TLSv1.1"

and in Tomcat 6.0.32:

   sslProtocol="TLSv1.1" protocols="TLSv1.1"


It works for me.

-Ognjen
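As an added example (not code from this thread or from Tomcat), a small Python audit that reads a server.xml and reports, for each SSLEnabled Connector, whether the version-specific attribute named above (`protocols` on Tomcat 6.0.x, `sslEnabledProtocols` on Tomcat 7) restricts the enabled protocols to TLSv1.1 only. The attribute names come from the messages above; the sample server.xml fragments are constructed.

```python
import xml.etree.ElementTree as ET

# Attribute that carries the enabled-protocol list, per Tomcat major version:
# Tomcat 7 documents sslEnabledProtocols; Tomcat 6.0.x reads the undocumented "protocols".
ENABLED_ATTR = {6: "protocols", 7: "sslEnabledProtocols"}

def audit_connectors(server_xml, tomcat_major, wanted=("TLSv1.1",)):
    """Return one dict per SSLEnabled Connector, with ok=True only when the
    version-specific attribute restricts the enabled protocols to exactly `wanted`."""
    attr = ENABLED_ATTR[tomcat_major]
    results = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        raw = conn.get(attr)
        # Tomcat splits the attribute on commas; tolerate surrounding whitespace.
        enabled = {p.strip() for p in raw.split(",") if p.strip()} if raw else None
        results.append({
            "port": conn.get("port"),
            "sslProtocol": conn.get("sslProtocol"),
            "enabled": enabled,            # None: attribute absent, JSSE defaults apply
            "ok": enabled == set(wanted),
        })
    return results

# Constructed sample: 8443 has no protocol restriction, 9443 uses the Tomcat 6 form.
SAMPLE_TOMCAT6 = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="SSL" keystoreFile="conf/keystore.jks"/>
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLSv1.1" protocols="TLSv1.1" keystoreFile="conf/keystore.jks"/>
</Service></Server>"""

# Constructed sample: for Tomcat 7 only sslEnabledProtocols counts, so 8443 (which
# carries the Tomcat 6 style "protocols" attribute) is flagged and 9443 passes.
SAMPLE_TOMCAT7 = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLSv1.1" protocols="TLSv1.1" keystoreFile="conf/keystore.jks"/>
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLSv1.1" sslEnabledProtocols="TLSv1.1" keystoreFile="conf/keystore.jks"/>
</Service></Server>"""

if __name__ == "__main__":
    for major, xml in ((6, SAMPLE_TOMCAT6), (7, SAMPLE_TOMCAT7)):
        for r in audit_connectors(xml, major):
            print(f"Tomcat {major} port {r['port']}: enabled={r['enabled']} ok={r['ok']}")
```

Run it against a real server.xml by passing the file contents and the Tomcat major version; a connector reported with enabled=None still accepts whatever the JSSE default protocol set allows.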

