On 8/13/2021 5:27 PM, James H. H. Lampert wrote:
While we've been systematically updating our customer boxes, a few of our customer boxes are still on Tomcat 7.

I've got the following Connector tag set up in server.xml:

<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
    keystoreFile="/wintouch/tomcat/wttomcat.ks" alias="wintouch"
    maxThreads="400" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLSv1.2" compression="on"
    compressionMinSize="2048"
    noCompressionUserAgents="gozilla,traviata"
    compressableMimeType="text/html,text/xml,text/plain,text/css,
    text/javascript,text/json,application/x-javascript,
    application/javascript,application/json" />

And yet SSLLabs tells me the box in question is still accepting TLS 1.0 and TLS 1.1.

Can anybody shed any light on this? (And yes, I know, "alias" should be "keyAlias," but it's the only chain in the keystore, so it shouldn't make any difference.)

https://tomcat.apache.org/tomcat-7.0-doc/config/http.html

Search for sslEnabledProtocols

. . . just my two cents
/mde/
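
One way to audit a server.xml for the situation discussed in this thread, as an added example (not code from the original posts or from the Tomcat project). The function name `audit_connectors`, the `LEGACY` set and the sample server.xml (a trimmed copy of the Connector from the question plus a constructed second one) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# JSSE protocol names that should no longer be offered (assumed policy).
LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: port 443 mirrors the Connector in the question (trimmed);
# port 8443 adds the attribute the reply points to.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
               SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLSv1.2" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" sslEnabledProtocols="TLSv1.2" />
    <Connector port="8080" protocol="HTTP/1.1" />
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Return {port: [findings]} for every TLS-enabled Connector."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to check
        findings = []
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            findings.append("sslEnabledProtocols not set: enabled versions "
                            "are left to the JVM defaults")
            if conn.get("sslProtocol"):
                # sslProtocol picks the JSSE SSLContext; it is not a
                # whitelist of the protocol versions that get enabled.
                findings.append("sslProtocol=%r alone does not disable older "
                                "versions" % conn.get("sslProtocol"))
        else:
            names = {p.strip() for p in enabled.split(",") if p.strip()}
            for weak in sorted(names & LEGACY):
                findings.append("legacy protocol enabled: " + weak)
        report[conn.get("port")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not findings else findings)
```

After changing the Connector and restarting Tomcat, re-run the external scan to confirm which versions the listener actually negotiates.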