Brijesh,
On 5.3.2013 7:09, Brijesh Deo wrote:
Is there a way to make TLS 1.1 required for https connections with Tomcat server? I am
currently on Tomcat 6.0.32 with JRE 1.7 on Windows 7. I tried setting
[sslProtocol="TLSv1.1"] in the Connector definition in server.xml but that did
not stop TLS 1.0 connections from being accepted. I am not using OpenSSL and instead
using JSSE as the TLS provider.
Is it possible to do it this way? Or do I need to upgrade to Tomcat 7.0 to be
able to allow only TLS 1.1 connections with https? Please let me know how to do
this.
HTTPS connector parameter sslProtocol defines which SSL/TLS protocols
are enabled by default, e.g. for Oracle JDK 7:
1) sslProtocol="TLS" will enable SSLv3 and TLSv1
2) sslProtocol="TLSv1.2" will enable SSLv3, TLSv1, TLSv1.1 and TLSv1.2
3) sslProtocol="TLSv1.1" will enable SSLv3, TLSv1, and TLSv1.1
4) sslProtocol="TLSv1" will enable SSLv3 and TLSv1
5) sslProtocol="SSL" will enable SSLv3 and TLSv1
6) sslProtocol="SSLv3" will enable SSLv3 and TLSv1
7) sslProtocol="SSLv2" won't work
So, in order to restrict available protocols only to TLSv1.1, you need
to add parameter sslEnabledProtocols="TLSv1.1" to your connector.
Note that even if some protocol is not enabled by default, you may
enable it by specifying sslEnabledProtocols parameter. E.g.
sslProtocol="SSL" sslEnabledProtocols="TLSv1.1"
is somewhat confusing, but perfectly legal.
-Ognjen
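The two connector definitions below are an added illustration of the point made in the reply, not configuration from the original thread or from the Tomcat project itself. They assume a JSSE (non-APR) HTTPS connector on port 8443 and a keystore at ${catalina.base}/conf/keystore.jks with the password "changeit"; adjust those for your installation, and keep only one of the two connectors in server.xml since both bind the same port. Check the connector documentation for your exact Tomcat release to confirm that the sslEnabledProtocols attribute is listed there.

```xml
<!-- Added example, not from the original thread. Assumed values: port 8443,
     keystore ${catalina.base}/conf/keystore.jks, keystorePass "changeit". -->

<!-- Weak: sslProtocol alone only chooses the SSLContext. On Oracle JDK 7 the
     "TLSv1.1" context still enables SSLv3, TLSv1 and TLSv1.1 by default,
     so TLS 1.0 (and SSLv3) clients are still accepted. -->
<Connector port="8443" protocol="HTTP/1.1"
           SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false"
           sslProtocol="TLSv1.1"
           keystoreFile="${catalina.base}/conf/keystore.jks"
           keystorePass="changeit" />

<!-- Corrected: sslEnabledProtocols limits the handshake to the listed
     versions, regardless of what the SSLContext enables by default.
     Only TLS 1.1 is accepted here; list "TLSv1.1,TLSv1.2" if TLS 1.2
     clients must also be served. -->
<Connector port="8443" protocol="HTTP/1.1"
           SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.1"
           keystoreFile="${catalina.base}/conf/keystore.jks"
           keystorePass="changeit" />
```

After restarting Tomcat, verify the result from a client rather than trusting the configuration: `openssl s_client -connect localhost:8443 -tls1` should fail during the handshake, while `openssl s_client -connect localhost:8443 -tls1_1` should complete it and print the server certificate. Bear in mind that restricting the server to TLS 1.1 only will lock out every client that cannot negotiate it, so test your real client population before deploying.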
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org