> From: Mudassir Aftab [mailto:withmudas...@gmail.com]
> Subject: TLS is not working in 6.0.37, 7.0.42, 7.0.47

> I need TLSv1.2 support for tomcat

That's available by default with current OpenSSL versions.

> Also what will be the preferable connector settings ?

Whatever you need them to be. The values depend entirely on your applications and environment.

> I am using following connector in Apache Tomcat/7.0.42
> <Connector port="8443" . . .
> sslEnabledProtocols="TLSv1.2"

The above attribute is for the BIO and NIO connectors, not the APR one you are using. You should instead specify:

    SSLProtocol="TLSv1"

if you want to eliminate SSLv3 (but your client might not like that). You can also set SSLCipherSuite to avoid enabling insecure encryption mechanisms (see http://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher).

> An error occurred during a connection to confidential.com:8443. Cannot
> communicate securely with peer: no common encryption algorithm(s).

This means the client you're using and your build of OpenSSL have nothing in common. Use Wireshark or tcpdump and determine just which protocols your client is attempting to negotiate with, and ensure that those are enabled in your build of OpenSSL.

 - Chuck
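What the Wireshark/tcpdump step in the reply above is looking for, as an added example (not part of the original message, and not Tomcat or OpenSSL code): a parser that reads one captured TLS ClientHello record and lists the version and cipher suites the client offers, then checks for overlap with the server's list. The sample record, the short cipher-name table and the server-side list are constructed for illustration.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
# Subset of the IANA TLS cipher-suite registry, enough for the sample below.
SUITES = {0x0005: "TLS_RSA_WITH_RC4_128_SHA",
          0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
          0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}

def parse_client_hello(record: bytes) -> dict:
    """Return the version and cipher suites offered in one TLS ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    rec_len = int.from_bytes(record[3:5], "big")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(record) < 5 + rec_len or len(hello) < hs_len or hs_len > rec_len - 4:
        raise ValueError("truncated or fragmented ClientHello")
    try:
        (version,) = struct.unpack_from("!H", hello, 0)
        pos = 2 + 32                      # client_version + random
        pos += 1 + hello[pos]             # session_id length byte + session_id
        (cs_len,) = struct.unpack_from("!H", hello, pos)
    except (struct.error, IndexError):
        raise ValueError("malformed ClientHello") from None
    raw = hello[pos + 2:pos + 2 + cs_len]
    if cs_len % 2 or len(raw) != cs_len:
        raise ValueError("bad cipher_suites length")
    ids = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]
    return {"client_version": VERSIONS.get(version, hex(version)),
            "cipher_suites": [SUITES.get(i, f"0x{i:04X}") for i in ids]}

def shared_suites(offered, enabled):
    """Suites both sides support, in client order; empty means no overlap."""
    return [s for s in offered if s in enabled]

# Constructed sample: a TLSv1.0 ClientHello offering only RC4 and 3DES.
_hello = (bytes.fromhex("0301") + bytes(32) + b"\x00"
          + bytes.fromhex("0004" "0005" "000a") + b"\x01\x00")
_hs = b"\x01" + len(_hello).to_bytes(3, "big") + _hello
SAMPLE = b"\x16\x03\x01" + len(_hs).to_bytes(2, "big") + _hs

if __name__ == "__main__":
    offer = parse_client_hello(SAMPLE)
    print(offer)
    # Hypothetical server-side list; substitute what your OpenSSL build enables.
    print(shared_suites(offer["cipher_suites"], {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}))
```

An empty list from shared_suites means the two sides have no cipher suite to agree on, so the handshake cannot complete.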