Hi,

We have tried to restrict the TLS version in HTTPS connection establishment in embedded Tomcat for the OpenSSL-based implementation. With this part of the code, TLSv1.0/TLSv1.1 clients are also able to connect to our HTTPS server. Please let us know how we can restrict the TLS version in HTTP2 over HTTPS in the OpenSSL implementation.
The code below is used while creating the connector.

    // Field: the only protocol version we want to allow
    private final String[] enabledProtocol = new String[] { "TLSv1.2" };

    // Connector setup
    SSLHostConfig sslHostConfig = new SSLHostConfig();
    sslHostConfig.setInsecureRenegotiation( false );
    sslHostConfig.setCertificateFile( certLocation );
    sslHostConfig.setCertificateKeyFile( certKeyLocation );
    sslHostConfig.setCertificateKeyPassword( certKeyPassword );
    // Require client certificates when a CA bundle is configured
    if( isClientAuthreq && caCertificatePath != null && !caCertificatePath.isEmpty() )
    {
        sslHostConfig.setCertificateVerification( CertificateVerification.REQUIRED.toString() );
        sslHostConfig.setCaCertificateFile( caCertificatePath );
    }
    sslHostConfig.setSslProtocol( "TLS" );
    sslHostConfig.setEnabledProtocols( enabledProtocol );
    this.addSslHostConfig( sslHostConfig );
    // Enable TLS on the connector and select the OpenSSL implementation
    IntrospectionUtils.setProperty( this, "SSLEnabled", "true" );
    IntrospectionUtils.setProperty( this, "sslImplementationName", "org.apache.tomcat.util.net.openssl.OpenSSLImplementation" );

Regards,
Natraj
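To confirm which protocol versions a connector configured like the one above really accepts, a client-side probe can attempt one handshake per pinned TLS version. This is an added example, not part of the original post or of Tomcat; the names `probe` and `audit` and the address `localhost:8443` are assumptions made for illustration.

```python
import socket
import ssl
import warnings

# Versions to try, one pinned handshake each.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def probe(host, port, version, certfile=None, keyfile=None, timeout=5.0):
    """Attempt one handshake pinned to `version` and return a status string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # audit probe: only the version matters
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            # Recent OpenSSL builds refuse TLS 1.0/1.1 at the default level.
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
            ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
            ctx.maximum_version = version
            ctx.minimum_version = version
    except (ValueError, ssl.SSLError):
        return "client-unsupported"  # the local OpenSSL cannot offer it
    if certfile:                     # server set to require a client cert
        ctx.load_cert_chain(certfile, keyfile)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "accepted"
    except OSError:                  # TLS alert, EOF, reset or timeout
        return "rejected"
    finally:
        sock.close()

def audit(host, port, **kwargs):
    """Map each version name to the probe result for that version."""
    return {n: probe(host, port, v, **kwargs) for n, v in VERSIONS.items()}

if __name__ == "__main__":
    # Assumed address of the embedded Tomcat connector under test.
    print(audit("localhost", 8443))
```

When the server requires client certificates, pass `certfile` and `keyfile`; otherwise a handshake that fails only because no certificate was sent is also reported as `rejected`. A connector restricted to TLSv1.2 should report `rejected` for TLSv1.0 and TLSv1.1.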