I've got an issue here.

On the one hand, we have a Tomcat server running on Amazon (in a
Beanstalk cluster). And we have an AS/400 running an old enough OS that,
so far as I'm aware, cannot be configured to use TLS 1.2 at the current
OS release level. And that AS/400 needs to access that Tomcat server
(which it does, using Scott Klement's open source HTTPAPI product, which
has become pretty much an industry standard for the purpose).

And on the other hand, we are getting a security report from SSLLabs,
telling us that our security rating is capped at "B" because we allow
TLS 1.0 and 1.1.

BUT, our entire office is on a static IP address, and we already know
how to open a port on our Amazon firewall to only accept traffic from
our office IP.

Given all this, is it possible to (1) have Tomcat listen on two separate
HTTPS ports, and (2) have one of the ports require TLS 1.2, but the
other accept something our AS/400 can use?
--
James H. H. Lampert
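
The two-port layout asked about above, sketched as an added example (not part of the original message and not taken from the poster's configuration). It assumes Tomcat 8.5 or later (`SSLHostConfig` syntax) and that TLS terminates at Tomcat rather than at a load balancer in front of it; the port numbers, keystore path and password are placeholders.

```xml
<!-- Added example for conf/server.xml, inside the <Service> element.
     Ports 8443/8444, the keystore path and the password are placeholders. -->

<!-- Public HTTPS port: TLS 1.2 only. This is the port an external
     scanner such as SSL Labs should be able to reach. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig protocols="TLSv1.2">
    <Certificate certificateKeystoreFile="conf/keystore.jks"
                 certificateKeystorePassword="CHANGE_ME" />
  </SSLHostConfig>
</Connector>

<!-- Legacy HTTPS port for the AS/400 client: also accepts TLS 1.0 and 1.1.
     This connector does not restrict by source address; limiting the port
     to the office static IP has to be done in the Amazon firewall rule
     for port 8444.
     Recent JDKs list TLSv1 and TLSv1.1 in jdk.tls.disabledAlgorithms
     (java.security). While they are listed there, the JVM refuses them
     regardless of the protocols attribute below. -->
<Connector port="8444"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig protocols="TLSv1,TLSv1.1,TLSv1.2">
    <Certificate certificateKeystoreFile="conf/keystore.jks"
                 certificateKeystorePassword="CHANGE_ME" />
  </SSLHostConfig>
</Connector>
```

Because the legacy port is the only place the weak protocols are offered, the firewall rule for it is the control that keeps them away from external clients and scanners.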