subject:"\[PROPOSAL\] Change default TLS protocol from \"all\" to \"TLSv1.2,TLSv1.3\" in Tomcat 10.1"

Re: [PROPOSAL] Change default TLS protocol from "all" to "TLSv1.2,TLSv1.3" in Tomcat 10.1

2022-02-28 Thread Igal Sapir

On Mon, Feb 28, 2022 at 8:12 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> All,
>
> As the subject says.
>
> Or, perhaps, redefine "all" to be "TLSv1.2,TLSv1.3" similarly to what we
> did in the past when removing SSLv3 from the definition of "all".
>
> I think this should be done with Tomcat 10.1 (relatively new) to set a
> precedent moving forward, but not 8.5 or 9.0 to avoid disrupting
> production deployments.
>

+1

Igal



>
> -chris
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

[PROPOSAL] Change default TLS protocol from "all" to "TLSv1.2,TLSv1.3" in Tomcat 10.1

2022-02-28 Thread Christopher Schultz


All,

As the subject says.

Or, perhaps, redefine "all" to be "TLSv1.2,TLSv1.3" similarly to what we 
did in the past when removing SSLv3 from the definition of "all".


I think this should be done with Tomcat 10.1 (relatively new) to set a 
precedent moving forward, but not 8.5 or 9.0 to avoid disrupting 
production deployments.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PROPOSAL] Change default TLS protocol from "all" to "TLSv1.2,TLSv1.3" in Tomcat 10.1

[PROPOSAL] Change default TLS protocol from "all" to "TLSv1.2,TLSv1.3" in Tomcat 10.1

2 matches

Site Navigation

Mail list logo

Footer information