On 8/13/2021 5:27 PM, James H. H. Lampert wrote:
> While we've been systematically updating our customer boxes, a few of
> our customer boxes are still on Tomcat 7.
>
> I've got the following Connector tag set up in server.xml:
>
> <Connector port="443"
>      protocol="org.apache.coyote.http11.Http11Protocol"
>      keystoreFile="/wintouch/tomcat/wttomcat.ks" alias="wintouch"
>      maxThreads="400" SSLEnabled="true" scheme="https" secure="true"
>      clientAuth="false" sslProtocol="TLSv1.2" compression="on"
>      compressionMinSize="2048"
>      noCompressionUserAgents="gozilla, traviata"
>      compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/x-javascript,application/javascript,application/json" />
>
> And yet SSLLabs tells me the box in question is still accepting TLS 1.0 and TLS 1.1.
>
> Can anybody shed any light on this? (And yes, I know, "alias" should be "keyAlias," but it's the only chain in the keystore, so it shouldn't make any difference.)

https://tomcat.apache.org/tomcat-7.0-doc/config/http.html

Search for sslEnabledProtocols

. . . just my two cents
/mde/
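
Added example, not part of the original messages: a small Python audit that flags SSL-enabled Connectors in a Tomcat 7 server.xml whose sslEnabledProtocols attribute is missing or still lists old protocol versions. The sample XML is constructed (the question's connector, trimmed, plus a hypothetical second connector on port 8443), and the function name and weak-protocol set are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Protocol names this example treats as too old (an assumption of the example).
WEAK = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: the Connector from the question (trimmed), a hypothetical
# connector that pins the enabled protocol list, and a plain HTTP connector.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
      SSLEnabled="true" scheme="https" secure="true"
      clientAuth="false" sslProtocol="TLSv1.2" />
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
      SSLEnabled="true" scheme="https" secure="true"
      sslProtocol="TLS" sslEnabledProtocols="TLSv1.2" />
  <Connector port="8080" protocol="HTTP/1.1" />
</Service></Server>"""


def audit_connectors(server_xml):
    """Return {port: finding} for every SSL-enabled Connector element."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check
        port = conn.get("port", "?")
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            # As in the question: sslProtocol alone is set, and the scanner
            # still saw TLS 1.0 and 1.1 accepted.
            findings[port] = ("sslEnabledProtocols not set; "
                              "JVM default protocol list applies")
            continue
        weak = sorted(WEAK & {p.strip() for p in enabled.split(",")})
        findings[port] = ("weak protocols enabled: " + ", ".join(weak)
                          if weak else "ok")
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, finding)
```

To check a real box, pass the contents of its conf/server.xml to audit_connectors() and confirm the result with an external scan after restarting Tomcat.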
