-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Markus,
On 3/5/20 13:44, i...@flyingfischer.ch wrote: > Try SSLProtocol="TLSv1.2" (mind the case) instead of > sslProtocol="-all +TLSv1.2". This is correct when using either OpenSSL or JSSE. "sslProtocol" will only work for JSSE configuration, and basically only allows a single value: "TLS". It's better to use <SSLHostConfig> where it's always just "protocols". > Had this issue too. The connector parameters for SSL are a huge > mess and have been changed constantly. Really? Can you give an example? Other than the change from <Connector> to <SSLHostConfig>, everything has been pretty stable for ... decades. - -chris > Am 05.03.20 um 19:30 schrieb rugman66 .: >> Hello, >> >> >> >> I have both Apache and Tomcat running on the same RHEL. I have >> successfully configured Apache to use OpenSSL TLSv1.2, but I >> cannot get Tomcat to use TLSv1.2. Tomcat for some reason >> >> will only use TLV 1.0, and that is no good. No matter what >> parameter I set in the server.xml sslProtocol directive it won’t >> change. Seems like it’s getting that directive somewhere else but >> I can't locate. >> >> >> >> <Connector >> >> port="8443" >> >> scheme="https" >> >> secure="true" >> >> protocol="org.apache.coyote.http11.Http11AprProtocol" >> >> SSLEnabled="true" >> >> SSLCertificateFile="/auto/englearn-web/ssl_certificate/server.cer" >> >> >> >> SSLCertificateChainFile="/auto/englearn-web/ssl_certificate/chain.cer" >> >> >> SSLCertificateKeyFile="/auto/englearn-web/ssl_certificate/server.key" >> >> >> SSLCipherSuite="RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW" >> >> SSLHonorCipherOrder="true" >> >> maxThreads="150" >> >> clientAuth="false" >> >> sslProtocol="-all +TLSv1.2" >> >> /> >> >> >> >> OpenSSL 1.0.2d >> >> Tomcat 7.0.39 (I know it’s old, but it's what I have to work with >> at this time) >> >> >> Thank you for any insight. >> >> -John >> > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5iYQ4ACgkQHPApP6U8 pFgDAxAAgyVgOSV3Mqi0BMjfvHUTY50HSZ8htUMCN7dM6nJcQeKaiC0tVRYMQUgt BNS4gW+1zGxIZwgWxGVPL9bB7kiS8BLv1aRZwFADlrYdkFosGy/+cnITJqqs3HRu jNRp9gqvxtzBnwBt5vEggp72QiV9b1gx174XexQYmmTwyPeT+Sb3SS9QZpbew2wM SiV7NXkYynFm3veRw4b22ljpKMMUEdod8jQUEmW+fD5/ykmrTqHVWk3Pv5Ywnv+W idnyoJ8LDB8sU3bhXobbVomyH2gKWQTGSoDcM/HzS2wmaVA3WCl/9MdOs62ZyPx/ g2JDDANl/WJZzfbBcUrufJA7dvFrU0xYa1MzQRH6mMfuXuMNghs32PvpZu82U50o 1YTs7+vMIMbQceWXejX0rlyqI1sPCPYGJrLQQQ0Oq0qHxoMIsCXBGyhKomqWIi1/ ScyysqnWgGToWQ0BzFcKsX+d6+v+R/EZaYvZK3FotZ8/ilfplsBojAqIdCrAa3i2 xeRi36abxKnj0muVqcvo0D73XJeDVMXfs8puhzsBRxcL9O2kWScG7ZXwxPoViMfN EM2Rg/tgXLp/IeJ7FIMxUNpBhyWllpNR9C01p6CL7Jug9P4V3MiggTmqvNlrQ+Uv e1k5wF3xDbXA50c5ne3q1qCQ8IXajKXeT2iaZrasK+snaMRF9ok= =/cZ+ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
