tomcat-users mailing list archives

From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: How to allow only TLS 1.1 connections to Tomcat (6.0) server with https ?
Date Tue, 05 Mar 2013 22:27:38 GMT
2013/3/5 Brijesh Deo <bdeo@sonicwall.com>:
> Hi,
> Is there a way to make TLS 1.1 required for https connection with Tomcat server? I am
> currently on Tomcat 6.0.32 with JRE 1.7 on Windows 7. I tried setting [sslProtocol="TLSv1.1"]
> in the Connector definition in server.xml but that did not stop TLS 1.0 connections from being
> accepted. I am not using OpenSSL and instead using JSSE as the TLS provider.
> Is it possible to do it this way? Or do I need to upgrade to Tomcat 7.0 to be able to
> allow only TLS 1.1 connections with https? Please let me know how to do this.


1. If you are brave enough to use Java 7, I would recommend using
Tomcat 7.0 with it.
There were a number of fixes in Tomcat connectors to allow use of Java
7, e.g. in 6.0.34.

2. If TLS 1.1 uses different ciphers, maybe you can configure the
list of ciphers to be limited to those. (I have not tried, just
an idea.)

3. Beware of issue 54406.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54406

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
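
An added example, not part of the original thread and not Tomcat code: at the JSSE level, the name passed to `SSLContext.getInstance` selects a context implementation, while the versions a server socket will negotiate are whatever is in its enabled-protocol list, so the list is what to inspect and restrict. The class name and the `restrict` helper are hypothetical, and it is an assumption (not stated in the thread) that the connector's `sslProtocol` value ends up as that context name; the printed lists depend on the JRE version and its security settings.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Hypothetical demo class (added example, not from the thread or from Tomcat).
public class EnabledProtocolsDemo {

    // Hypothetical helper: limit a JSSE server socket to the wanted versions.
    // Fails closed if the runtime supports none of them.
    static String[] restrict(SSLServerSocket socket, String... wanted) {
        List<String> supported = Arrays.asList(socket.getSupportedProtocols());
        List<String> keep = new ArrayList<String>();
        for (String p : wanted) {
            if (supported.contains(p)) {
                keep.add(p);
            }
        }
        if (keep.isEmpty()) {
            throw new IllegalStateException(
                "none of " + Arrays.toString(wanted) + " is supported by this JRE");
        }
        socket.setEnabledProtocols(keep.toArray(new String[0]));
        return socket.getEnabledProtocols();
    }

    public static void main(String[] args) throws Exception {
        // The protocol name here only picks the SSLContext implementation.
        SSLContext ctx = SSLContext.getInstance("TLSv1.1");
        ctx.init(null, null, null); // no key material needed: the socket is never bound
        SSLServerSocket socket =
            (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket();
        try {
            System.out.println("enabled by default: "
                + Arrays.toString(socket.getEnabledProtocols()));
            System.out.println("after restriction:  "
                + Arrays.toString(restrict(socket, "TLSv1.1")));
        } finally {
            socket.close();
        }
    }
}
```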

