-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John,
On 3/5/20 13:30, rugman66 . wrote: > I have both Apache and Tomcat running on the same RHEL. I have > successfully configured Apache to use OpenSSL TLSv1.2, but I cannot > get Tomcat to use TLSv1.2. Tomcat for some reason > > will only use TLV 1.0, and that is no good. No matter what > parameter I set in the server.xml sslProtocol directive it won’t > change. Seems like it’s getting that directive somewhere else but I > can't locate. > > > > <Connector > > port="8443" > > scheme="https" > > secure="true" > > protocol="org.apache.coyote.http11.Http11AprProtocol" > > SSLEnabled="true" > > SSLCertificateFile="/auto/englearn-web/ssl_certificate/server.cer" > > > SSLCertificateChainFile="/auto/englearn-web/ssl_certificate/chain.cer" > > > > SSLCertificateKeyFile="/auto/englearn-web/ssl_certificate/server.key" > > SSLCipherSuite="RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW" > > SSLHonorCipherOrder="true" > > maxThreads="150" > > clientAuth="false" > > sslProtocol="-all +TLSv1.2" For Tomcat 7, use: sslProtocol="TLS" sslEnabledProtocols="TLSv1.2" For JSSE (if you are using NIO, which you are NOT, but might want to consider) and, for OpenSSL: SSLProtocol="TLSv1.2" Case matters, here. Note that your version of Java must support TLSv1.2 in order for this to work. What version of Java are you running? > OpenSSL 1.0.2d > > Tomcat 7.0.39 (I know it’s old, but it's what I have to work with > at this time) Are you able to upgrade to a later Tomcat 7.0.x? There are lots of things fixed between 7.0.39 and 7.0.100. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5iYnAACgkQHPApP6U8 pFgSmw//d4g9Y7+M3kdikpAiEu0Mv5Bd5Ks3vEuABMu0EdsMKrksl1DCOEwzT6XU ySYngMrZo5Tmgxgtl5Hw5U6JLB2TG/VXjqB8HYhGYfNkiKcXahR0YFRtlcAz6htp U923yle2ugtMEUGhLeeA2D92MeAlabMiHTADsKCb6/tLqXxym9DZ0FiwQYiOsFYl hL6SR88Cbkb+zFvUbn7b6MviR5tnZx6QHn0WVKH96uqMR4j/HgeFK8ouzc/E/VIT HjbFn6xxrDNaAPgDLCNR0Lgypb1B2OeDMFc0kjgoTof/E7c7Mc12CKk5JP3DSfWB +azwdqdtwgLdtYFZhKwNMEKUWm+JD9uC70DYK2R9HDWfebHVXSjhLYm32wxTAFHu OKHg1BubYC5RGsNTzbcsckzD3udq5CozvPHPLy6B9wtn/VmsPUowjcVwYjcl8fOv HOxG4ly7KgnuhMTpp9tBQ10fujR13HJDJmLRo576xzExMOxWSDi0OeWuIvV6zVpV tauYh9wPtxC1i6seveDEQzjcoju7DJT532/DHjdxLZX9mrNkvl2GPSEeymQVbxH6 lwrfWqxckBAD2LAGo7pp+/wTDBNb4o2BX+3bKzePBLo38zkXrlGWX1x2WYpKjSlb 7wxZQfhDvncJ7FmNmyDZlY4Snm1Fo9oiUKx02ldlP03MKurSHpU= =9UNH -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
