I guess I'm back to my original question then of is there a way to disable deprecated protocols and ciphers for this (org.apereo.cas.authentication.FileTrustStoreSslSocketFactory) for general consistency. Or is this something we should not bother with ( and why not)?
Our 5.0.x builds are still using maven, is there a pom.xml or other equivalent to the gradle.properties you referenced? On Fri, Feb 5, 2021 at 7:10 AM Misagh <[email protected]> wrote: > The logs you see above from FileTrustStoreSslSocketFactory have > nothing to do with Tomcat whether external or internal, or the > connection exposed over http. > > And if you have not anything explicit to enable or disable the > internal tomcat, then you get it by default. So you end up with a CAS > application that is pregnant with an apache tomcat instance. If you > deploy to an external tomcat, the embedded tomcat will automatically > back away and will have no effect. To disable it from inclusion, you > should make sure this is set to blank: > > > https://github.com/apereo/cas-overlay-template/blob/master/gradle.properties#L5-L7 > > On Fri, Feb 5, 2021 at 8:41 PM Baron Fujimoto <[email protected]> wrote: > > > > AFAIK, our CAS 5.0.x instances are using external Tomcat. We've always > set the protocols and ciphers in its own config. Everything that connects > to us (e.g. SSL Labs server tests) suggests we are using this external > Tomcat. Yet we still get the logs provided previously, and I don't think > we've done anything to explicitly enable or disable any internal Tomcat. > Where would I find information on doing so? > > > > On Thu, Feb 4, 2021 at 9:12 PM Misagh Moayyed <[email protected]> > wrote: > >> > >> That depends on whether you are running embedded or external. If > external, you should be changes to tomcat yourself and manually and you > should review the tomcat documentation. If embedded, then you should > consider using `server.ssl.enabled-protocols=` which is a setting provided > by Spring Boot to CAS that controls the enabled protocols and > auto-configures the embedded tomcat. > >> > >> > >> -- > >> - Website: https://apereo.github.io/cas > >> - Gitter Chatroom: https://gitter.im/apereo/cas > >> - List Guidelines: https://goo.gl/1VRrw7 > >> - Contributions: https://goo.gl/mh7qDG > >> --- > >> You received this message because you are subscribed to the Google > Groups "CAS Community" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > >> To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/b865a483-8388-4dcd-b12e-31a4d5efecc1n%40apereo.org > . > > > > > > > > -- > > Baron Fujimoto <[email protected]> :: UH Information Technology Services > > minutas cantorum, minutas balorum, minutas carboratum desendus pantorum > > > > -- > > - Website: https://apereo.github.io/cas > > - Gitter Chatroom: https://gitter.im/apereo/cas > > - List Guidelines: https://goo.gl/1VRrw7 > > - Contributions: https://goo.gl/mh7qDG > > --- > > You received this message because you are subscribed to the Google > Groups "CAS Community" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL0%2Bxt0onQDqd-m%2BjAdYym%2BPyZu27ouMM24Fy%3DPEjaxLBw%40mail.gmail.com > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGSBKkdPJSXh1CPOz3ee9QhLH1KoybnJ%2ByDNxmWQKHr5vNmuTw%40mail.gmail.com > . > -- Baron Fujimoto <[email protected]> :: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum desendus pantorum -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL1LO6DirCu8io9MQ-jbRS9S3H8Sd8Ao8xwRpK5Wu%3DS%3D1w%40mail.gmail.com.
