tomcat-users mailing list archives

From Christopher Schultz <>
Subject Re: Tomcat Version 7.0.34 + jdk 1.6 is not supporting TLS Protocol TLS1.2
Date Wed, 18 Jan 2017 15:10:16 GMT
On 1/18/17 6:03 AM, dhanesh1212121212 wrote:
> Thanks for the support. This meets our requirement. We are going
> with stable java 1.8 version (default TLSv1.2) which has support
> for tomcat 7.0.34 + TLSv1.2.

I would recommend upgrading to Tomcat 8.0.x or Tomcat 8.5.x if you are
going to go through a whole round of testing anyway.

> Need one more information. Question is mentioned below.
> Suppose my web server (Apache) and application (Tomcat) is using
> TLS1.2 protocol and some other web server with TLSv1.0 or TLSv1.1
> is passing a request to our server.

In that case, the "some other web server" is considered the client.

> Will the response be 200 OK without any SSL secure negotiation
> error?

That depends upon how you configure your server. If you want to accept
*only* TLSv1.2, then a client attempting to contact your server using
TLSv1 or TLSv1.1 will fail to connect. They will not get an HTTP
response. Instead, they'll get a TLS handshake failure.

> Will all requests from client (browser) to server happen
> without any error?

As long as your clients support the protocols your server does, you
should be fine. Most of the world has abandoned SSLv3 at this point,
and so should you. Most of the world now supports TLSv1.2, and so
should you.

The only question is whether or not it is safe for you to disable
TLSv1 and TLSv1.1, and whether or not you actually want to do that. Do
you have a specific reason to disable TLSv1 and TLSv1.1? If not, leave
them enabled and you will reach the widest audience that is currently
reasonable. If you want to be as super-secure as you think you can be,
disable everything except TLSv1.2.

-chris

> On Fri, Dec 16, 2016 at 12:39 PM, <>
> wrote:
>> This was a typo, no plans for tls 1.3 in java yet
>> -----Original Message----- From: Christopher Schultz
>> [] Sent: Thursday, 15
>> December 2016 22:36 To: Tomcat Users List
>> <> Subject: Re: Tomcat Version 7.0.34 +
>> jdk 1.6 is not supporting TLS Protocol TLS1.2
> Frank,
> On 12/15/16 10:19 AM, wrote:
>>>> Q1  use recent java8 Version if you want secure TLS 1.3
>>>> choose right cipher.
> That might have been a typo, but I wanted to be clear that Java 8
> doesn't support TLSv1.3.
> TLSv1.3 is still in a draft state, and is not widely-deployed.
> -chris
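
The two choices discussed in the reply above, shown as an added example of a Tomcat 7 JSSE connector in conf/server.xml (not part of the original message or of the Tomcat distribution). The port, keystore path and password are placeholder assumptions; `sslEnabledProtocols` is the Tomcat 7 JSSE connector attribute that limits which protocol versions the server will negotiate.

```xml
<!-- conf/server.xml, Tomcat 7 JSSE (BIO/NIO) connector. Added example. -->
<!-- Port, keystoreFile and keystorePass are placeholders (assumptions). -->

<!-- Option A: widest currently reasonable audience.
     TLSv1, TLSv1.1 and TLSv1.2 are accepted. SSLv3 is not listed,
     so a client that offers only SSLv3 fails the handshake. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false"
           keystoreFile="conf/example-keystore.jks"
           keystorePass="CHANGE_ME"
           sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" />

<!-- Option B: TLSv1.2 only. Use this instead of Option A, not with it,
     since both bind the same port. A client limited to TLSv1 or TLSv1.1
     gets a TLS handshake failure and never receives an HTTP status.
     The JVM must itself support TLSv1.2 (Java 8 in this thread).

<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false"
           keystoreFile="conf/example-keystore.jks"
           keystorePass="CHANGE_ME"
           sslEnabledProtocols="TLSv1.2" />
-->
```

With Option B in place, rejected clients leave no entry in the HTTP access log, because the connection ends before any request is sent.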