Alternatively, if you are running embedded Tomcat as part of the WAR: https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties.html#embedded-container
I believe the options you would need are: server.ssl.protocol=TLS server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 From: cas-user@apereo.org <cas-user@apereo.org> On Behalf Of Andrew Marker Sent: Monday, July 18, 2022 10:35 AM To: cas-user@apereo.org Subject: [EXTERNAL SENDER] Re: [cas-user] How to change TLS from 1.0 to 1.1 I think that is actually managed in the application server: Tomcat for example. So the settings and how you configure it will be determined the how your deploy and what you're using to run CAS. https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html. Many of the settings like this can be set in configuration or as a startup parameter. Below are examples ripped from the documentation, not a recommendation. <Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" SSLCertificateFile="/usr/local/ssl/server.crt" SSLCertificateKeyFile="/usr/local/ssl/server.pem" SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/> Andrew Marker 785.505.0714 | atmar...@gmail.com<mailto:atmar...@gmail.com> On Sun, Jul 17, 2022 at 10:59 AM Andrea Colajacomo <andrea.colajac...@alecsandria.it<mailto:andrea.colajac...@alecsandria.it>> wrote: Hi all, we have a version of CAS now not very recent (6.1) and we urgently need to disable TLS 1.0 in favor of TLS 1.1, but it is not clear to us how we can do it nor have we found anything in the documentation. Can anyone help us ? Thanks to all Andrea -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/eb52635b-2fa0-4f11-b000-43bcc937931bn%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/eb52635b-2fa0-4f11-b000-43bcc937931bn%40apereo.org?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGGVe%2BFYV%2Bv334eHBhgEHc_Q5nfYm_NBujuYih9WaNGTKjwHCQ%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGGVe%2BFYV%2Bv334eHBhgEHc_Q5nfYm_NBujuYih9WaNGTKjwHCQ%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/755549f9acc9414091d235fe4c1fa9b0%40mun.ca.