James,
On 8/10/22 11:57, James H. H. Lampert wrote:
Interesting. The new "protocols" parameter.
Does this work with the traditional syntax? Can "protocols" and
"sslProtocol" coexist in the same Connector?
It's pretty important here to specify your Tomcat version number(s). I
see you have
Thanks Mark!!!
> -Original Message-
> From: Mark Thomas
> Sent: Wednesday, August 10, 2022 2:43 PM
> To: users@tomcat.apache.org
> Subject: Re: Simple SSL question
>
> On 10/08/2022 19:22, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > Ok, I'm asking a rather simple, stupid (in my
On 10/08/2022 19:22, jonmcalexan...@wellsfargo.com.INVALID wrote:
Ok, I'm asking a rather simple, stupid (in my opinion) question, but here goes:
What is the best practice form of connector for SSL. Is it the old-school coyote
connector or the connector with the section?
The old style
Ok, I'm asking a rather simple, stupid (in my opinion) question, but here goes:
What is the best practice form of connector for SSL. Is it the old-school
coyote connector or the connector with the section?
Are the two interchangeable, or does the SSLHostConfig one rely on openssl and
won't
On 8/10/22 6:50 AM, Brian Wolfe wrote:
You can disable the protocols at the java level in the java.security file
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, TLSv1,
TLSv1.1
I think that's exactly what I did on "Customer Box #1" (and forgot to
document having done).
On 8/10/22 8:52 AM, Jason Hall wrote:
If you have another network device in front of your server - that could be what
is trumping the app server's settings.
I'd planned on investigating that as well.
But it *looks* like the cert I'm seeing matches the cert in the keystore
their Tomcat is
Interesting. The new "protocols" parameter.
Does this work with the traditional syntax? Can "protocols" and
"sslProtocol" coexist in the same Connector?
All our customer installations use JSSE security with a Java Keystore;
I've never configured a successful IBM Midrange installation any
If you have another network device in front of your server - that could be what
is trumping the app server's settings.
For example - We have an F5 device sitting in front of our app server - so
SSLLabs will pick up those settings before it even hits my actual app server.
thanks,
You can disable the protocols at the java level in the java.security file
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, TLSv1,
TLSv1.1
On Wed, Aug 10, 2022 at 5:09 AM Thomas Hoffmann (Speed4Trade GmbH)
wrote:
> Hello Peter,
>
> > -Ursprüngliche Nachricht-
> >
Hello Peter,
> -Ursprüngliche Nachricht-
> Von: logo
> Gesendet: Mittwoch, 10. August 2022 10:22
> An: Tomcat Users List
> Betreff: Re: AW: SSLLabs scan shows TLSv1.0 and TLSv1.1 even though I have
> sslProtocol="TLSv1.2"
>
> Thomas,
>
> Am 2022-08-10 08:59, schrieb Thomas Hoffmann
Thomas,
Am 2022-08-10 08:59, schrieb Thomas Hoffmann (Speed4Trade GmbH):
Hello,
-Ursprüngliche Nachricht-
Von: Peter Kreuser
Gesendet: Mittwoch, 10. August 2022 08:44
An: Tomcat Users List
Betreff: Re: SSLLabs scan shows TLSv1.0 and TLSv1.1 even though I have
sslProtocol="TLSv1.2"
Hello,
> -Ursprüngliche Nachricht-
> Von: Peter Kreuser
> Gesendet: Mittwoch, 10. August 2022 08:44
> An: Tomcat Users List
> Betreff: Re: SSLLabs scan shows TLSv1.0 and TLSv1.1 even though I have
> sslProtocol="TLSv1.2"
>
>
>
> James,
>
> the most recent connector attribute is
James,
the most recent connector attribute is "protocols". The documentation is a bit
vague on this saying there is an overlap between the two, yet I don't know if
the overlap is there if protocols is unset and defaults to "all"
13 matches
Mail list logo