-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Ognjen,
On 3/5/13 8:29 AM, Ognjen Blagojevic wrote:
> Brijesh,
>
> On 5.3.2013 11:47, Brijesh Deo wrote:
>> Thanks Ognjen. I tried with -Dhttps.protocols="TLSv1.1" in
>> Tomcat startup but even this doesn’t work with Tomcat 6.0. Looks
>> like upgrading to Tomcat 7.0 seems to be the only way to achieve
>> this easily through configuration in server.xml.
>
> That was strange, so I started looking where Tomcat 6.0.32 sets
> enabled protocols. Here it is (JSSESocketFactory.java, lines
> 789-791):
>
> String requestedProtocols = (String) attributes.get("protocols");
> setEnabledProtocols(socket, getEnabledProtocols(socket,
> requestedProtocols));
>
> It seems that Tomcat 6.0.32 (and probably other 6.0.xx versions)
> use undocumented attribute for HTTPS connector "protocols". So in
> Tomcat 7 you might use:
>
> sslProtocol="TLSv1.1" sslEnabledProtocols="TLSv1.1"
>
> and in Tomcat 6.0.32:
>
> sslProtocol="TLSv1.1" protocols="TLSv1.1"
>
>
> It works for me.
Can you file a bug for this? That should be a) documented and b)
accept either "protocol" or "sslEnabledProtocols" to make it line-up
with Tomcat 7.0.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEAREIAAYFAlE23AwACgkQ9CaO5/Lv0PBkQQCgv8Qe2hXUBFzEgdrid/xtxpVw
K9gAnRTfzcNp5yoJJhpHo2WlV3WpDQ8/
=5T/s
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
