That looks VERY interesting and not documented. I believe that your valuable experience deserve to be recorded on our documentation website.
Do you think you can find the time to edit https://github.com/apache/james-project/blob/master/src/site/xdoc/server/config-ssl-tls.xml ? The corresponding website page is https://james.apache.org/server/config-ssl-tls.html That would be lovely Best regards, Benoit Tellier On 12/03/2019 17:42, Matt Pryor wrote: > Please disregard this question, after some more digging I found out it was > the /jre/lib/security/java.security file that I needed to edit: > > jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, *DH keySize < 2048*, > \ > EC keySize < 224, 3DES_EDE_CBC, anon, NULL,* SSLv2Hello, SSLv3, TLSv1, > TLSv1.1* > > Thanks > Matt > > On Tue, 12 Mar 2019 at 10:15, Matt Pryor <pr...@international-presence.com> > wrote: > >> Hi there >> >> I was wondering if anyone can point me in the right direction in order to >> disable TLS1.0 for STARTTLS? >> >> I tried adding the following line to the wrapper.conf but it doesn't seem >> to make any difference: >> >> wrapper.java.additional.15=-Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1.3 >> >> Also, when running the diagnostic tool at https://www.htbridge.com/ssl/ >> it complained that the diffie-hellman parameter is too weak (only 1024 >> bytes). Does anyone know how to change this? >> >> Thanks for any tips. >> >> Matt >> >> -- >> Matt Pryor >> Software Developer >> >> The International Presence Group of Companies >> EMAIL: pr...@presencebpm.com >> URL: www.International-presence.com >> >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
