Dave,

> The requirement for HTTPS is only a recent requirement and the application is 
> now heavily dependent on Java 8. At this point I don’t know just how old a 
> version of Tomcat I would need to make it work and I would have to make 
> significant changes to the code in order to make it Java 6/7 compliant.
> 
> Thanks for the suggestion though.
> 
> Dave
> 
> > On 4 Oct 2016, at 08:48, André Warnier (tomcat) <a...@ice-sa.com> wrote:
> > 
> > On 04.10.2016 09:38, Garratt, Dave wrote:
> >> I have Apache Tomcat 8 working ok with https when I connect to my web page 
> >> using a recent browser (desktop) or iPhone for example. However this 
> >> specific application is designed to run on a Motorola MC9090 hand held 
> >> wireless barcode scanner running a relatively old version of Windows 
> >> Mobile. The browser on that device can only load the HTTP page and not the 
> >> HTTPS page, giving an unable to open page message. Speaking to an “expert” 
> >> on these scanners the consensus of opinion is that the type of encryption 
> >> used by Apache Tomcat 8 is more up to date than the mobile device's browser 
> >> can support. As it does not appear likely that the mobile devices are 
> >> going to be updated any time soon I was wondering if it's possible to force 
> >> Tomcat to accept deprecated protocols rather than be forced to revert to 
> >> plain HTTP.
> >> 
> >> Any ideas or ideally an example of how this might look in a config file 
> >> would be most appreciated.
> >> 
> >> 
> > 
> > Naive question: if you are dealing anyway with old devices that cannot be 
> > replaced by new devices, then why do you not just keep using the 
> > correspondingly old version of tomcat and of the JVM?
> > 
> > 
> >

In my opinion weakening the security of the majority of users (there are 
seemingly others) is a pretty bad thing to do. My suggestion would be a 
different connector on a separate port for the handhelds. Configure this either 
on HTTP or a specific supported SSL protocol and ciphers. It would probably 
mean to reconfigure the handhelds, to add a hole into the firewall for the new 
port, but that could be restricted to the location/subnet of the handhelds.
You will need to get an exemption from the https-requirement for the handhelds 
anyways, so that may be a way to get a compensating control.

Best regards

Peter
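
The two-connector layout suggested above, as an added example that is not part of the original message or of Tomcat's shipped configuration. It uses Tomcat 8.0 connector and valve attributes; the ports, keystore path, password placeholder, the 10.20.30.x subnet, and the TLSv1 protocol and cipher for the handhelds are assumptions to be replaced with the real values and with whatever the scanner's browser actually negotiates.

```xml
<!-- server.xml fragment (added example; all values below are placeholders) -->

<!-- Inside <Service>: main HTTPS connector for desktops and phones.
     Only a current protocol is enabled, so regular users are not weakened. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="conf/keystore.jks"
           keystorePass="CHANGE_ME"
           clientAuth="false"
           sslEnabledProtocols="TLSv1.2" />

<!-- Inside <Service>: legacy connector on its own port for the handhelds.
     Assumption: the scanner browser can do TLSv1 with this one cipher.
     Exactly one protocol and one cipher are listed so nothing else can be
     negotiated on this port. The JVM's jdk.tls.disabledAlgorithms setting
     still applies and may block older choices regardless of this config. -->
<Connector port="8444"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="conf/keystore.jks"
           keystorePass="CHANGE_ME"
           clientAuth="false"
           sslEnabledProtocols="TLSv1"
           ciphers="TLS_RSA_WITH_AES_128_CBC_SHA" />

<!-- Inside <Engine> or <Host>: application-level backstop for the firewall
     rule. With addConnectorPort="true" the allow pattern is matched against
     "ADDRESS;PORT": the handheld subnet (assumed 10.20.30.x) may use 8444,
     any address may use 8443, everything else is denied. This check runs
     after the TLS handshake, so the firewall restriction on port 8444
     remains the primary control. -->
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
       addConnectorPort="true"
       allow="10\.20\.30\.\d+;8444|.*;8443" />
```

If a plain HTTP connector is already defined, its port needs its own alternative in the `allow` pattern, otherwise the valve will reject requests arriving on it.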

 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
