-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dhanesh,
On 1/18/17 6:03 AM, dhanesh1212121212 wrote: > Thanks for the support. This meets our requirement. We are going > with stable java 1.8 version (default TLSv1.2) which has support > for tomcat 7.0.34 + TLSv1.2. I would recommend upgrading to Tomcat 8.0.x or Tomcat 8.5.x if you are going to go through a whole round of testing anyway. > Need one more information. Question is mentioned below. > > Suppose my web server (Apache) and application (Tomcat) is using > TLS1.2 protocol and some other web server with TLSv1.0 or TLSv1.1 > is passing a request to our server. In that case, the "some other web server" is considered the client. > Will the response will be 200Ok without any SSL secure negotiation > error? That depends upon how you configure your server. If you want to accept *only* TLSv1.2, then a client attempting to contact your server using TLSv1 or TLSv1.1 will fail to connect. They will not get an HTTP response. Instead, they'll get a TLS handshake failure. > Will all requests from client (browser) to server will happen > without any error? As long as your clients support the protocols your server does, you should be fine. Most of the world has abandoned SSLv3 at this point, and so should you. Most of the world now supports TLSv1.2, and so should you. The only question is whether or not it is safe for you to disable TLSv1 and TLSv1.1, and whether or not you actually want to do that. Do you have a specific reason to disable TLSv1 and TLSv1.1? If not, leave them enabled and you will reach the widest audience that is currently reasonable. If you want to be as super-secure as you think you can be, disable everything except TLSv1.2. - -chris > On Fri, Dec 16, 2016 at 12:39 PM, <frank.pien...@materna.de> > wrote: > >> This was a typo, no plans for tls 1.3 in java yet >> >> -----Ursprüngliche Nachricht----- Von: Christopher Schultz >> [mailto:ch...@christopherschultz.net] Gesendet: Donnerstag, 15. >> Dezember 2016 22:36 An: Tomcat Users List >> <users@tomcat.apache.org> Betreff: Re: Tomcat Version 7.0.34 + >> jdk 1.6 is not supporting TLS Protocol TLS1.2 >> > Frank, > > On 12/15/16 10:19 AM, frank.pien...@materna.de wrote: >>>> Q1 use recent java8 Version if you want secure TLS 1.3 >>>> choose right cipher. > > That might have been a typo, but I wanted to be clear that Java 8 > doesn't support TLSv1.3. > > TLSv1.3 is still in a draft state, and is not widely-deployed. > > -chris >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYf4VYAAoJEBzwKT+lPKRYn20QALn+NvIlRKMJyeO6+rw1yR/A YzOSEtNMlRAdJkbOuQP6ceSShNgv18dV6IKDLwJzTwri61Qq0iVb/cC9HzYyb6F2 PStU4VwgveWypJ9UsWq9Lfw2jO1XN9Qu6nuDllF0tQiJIBqGMOfeWwW3/x9sa2qw WMMelkk1nU8en4UfMcWxWtJQwmcvdGwtvF8ixPZZGJoTHL3uqofcOPENe27McorK QOTzP4hzqq7AJV2fGYLlVo4efRNEmYfR1y5wSidqXay7gqqRki05p8HjJNuQGCj9 tuJ84/LiI6vun3E1W/c+7L+PmqwEvwjOYi35FOqhliyo0H5Z4Yp6KFYFHiIYHA/V Y6D46OlEeWnjqBt1z58/Qa9ubWumFjTYTXA3xxXONo/YzsAfI6vi3inty99H8RSH kRsyAkQzEh0FB/WDYBZBWUMvg28IACiFzTEtDuyV5exvLjgtYKwrf4ibaXueA5+h oOgzy54x9gD0miC50qI8ZNUMMtXwa5LXRBU7/jnCEV9K9S5F9BmHJLdADQwPWwUF NJMHolkP5MXwvDj6gsZGCUrjLkUsJpdm7j9vXdhdllh2X5sAyNAb55iIDWACuLe1 V4j+mPE6IgeWfGauy4kmXs2WiyUQQR7fy2Xfvh9MSDQv4Wdxv9HCKSMB9dNEFszl Vymi6g3mZXJy0J9kVEcT =bLM6 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
