On 17/07/2020 17:55, James H. H. Lampert wrote:
> I've got an issue here.
>
> On the one hand, we have a Tomcat server running on Amazon (in a
> Beanstalk cluster). And we have an AS/400 running an old enough OS that,
> so far as I'm aware, cannot be configured to use TLS 1.2 at the current
> OS release level. And that AS/400 needs to access that Tomcat server
> (which it does, using Scott Klement's open source HTTPAPI product, which
> has become pretty much an industry standard for the purpose).
>
> And on the other hand, we are getting a security report from SSLLabs,
> telling us that our security rating is capped at "B" because we allow
> TLS 1.0 and 1.1.
>
> BUT, our entire office is on a static IP address, and we already know
> how to open a port on our Amazon firewall to only accept traffic from
> our office IP.
>
> Given all this, is it possible to (1) have Tomcat listen on two separate
> HTTPS ports, and (2) have one of the ports require TLS 1.2, but the
> other accept something our AS/400 can use?
Yes. You need two Connector elements specifying different ports and
different protocols. They should be able to use the same certificate
configuration.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
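Worked example of the two-Connector layout described in the reply above. It is added here and is not part of the original thread nor Tomcat's own sample configuration. It assumes Tomcat 8.5 or 9 with the NIO connector, a single JKS keystore at conf/keystore.jks (alias "tomcat", password "changeit"), and the port numbers 8443 and 8444; all of those are assumptions. The two Connectors share the same Connector protocol implementation and the same Certificate element; the only difference is the protocols attribute on SSLHostConfig, which is the list of TLS versions the port will negotiate.

```xml
<!-- Added example for conf/server.xml (not from the original thread).
     Keystore path, password, alias and port numbers are assumptions. -->

<!-- Port 8443: the public HTTPS port. Only TLS 1.2 is negotiated, so
     clients offering TLS 1.0 or 1.1 get a handshake failure. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="150">
    <SSLHostConfig protocols="TLSv1.2">
        <Certificate certificateKeystoreFile="conf/keystore.jks"
                     certificateKeystorePassword="changeit"
                     certificateKeyAlias="tomcat"
                     type="RSA"/>
    </SSLHostConfig>
</Connector>

<!-- Port 8444: the legacy port for the AS/400. TLS 1.0 and 1.1 are
     allowed in addition to 1.2. This port must be reachable only from
     the office IP; restrict it at the AWS security group, because a
     Connector has no source-address filter of its own. Same keystore. -->
<Connector port="8444"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="20">
    <SSLHostConfig protocols="TLSv1,TLSv1.1,TLSv1.2">
        <Certificate certificateKeystoreFile="conf/keystore.jks"
                     certificateKeystorePassword="changeit"
                     certificateKeyAlias="tomcat"
                     type="RSA"/>
    </SSLHostConfig>
</Connector>
```

Two checks are worth doing after restarting Tomcat. First, confirm the split from outside with OpenSSL: "openssl s_client -connect host:8443 -tls1_1" should fail to handshake while "openssl s_client -connect host:8443 -tls1_2" succeeds, and the same "-tls1_1" test against 8444 should succeed from the office IP and time out from anywhere else. Second, check what actually terminates TLS: if the Beanstalk environment sits behind a load balancer with an HTTPS listener, the listener's security policy decides the minimum TLS version the public sees, and the SSLLabs grade reflects that policy rather than server.xml; the legacy port then has to be exposed without the load balancer rewriting its TLS. Note also that newer JDK builds (8u291, 11.0.11 and later) list TLSv1 and TLSv1.1 in jdk.tls.disabledAlgorithms in java.security, so on such a JVM the second Connector will not offer them until that entry is edited, and the old client will likely also need a cipher suite from that era, which the default cipher list on the legacy port still includes.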