Hi, We are using tomcat version 9.0.46. Could you please provide suggestion to restrict the TLS version in HTTP2 over HTTPS with OpenSSL implementation?.
Regards, Natraj From: Natraj Thekkan Sent: Wednesday, October 13, 2021 10:15 AM To: 'users@tomcat.apache.org' <users@tomcat.apache.org> Subject: Restriction of TLS version in HTTP2 over HTTPS with OpenSSL Hi, We have tried to restrict the TLS version in https connection establishment in embedded tomcat for OpenSSL based implementation. With this part of the code, TLSv1.0/TLSv1.1 client also able to connect with our https server. Please let us know how we can restrict the TLS version in HTTP2 over HTTPS in OpenSSL implementation. Below code is used while creating connector. private final String[] enabledProtocol = new String[] { "TLSv1.2" }; SSLHostConfig sslHostConfig = new SSLHostConfig(); sslHostConfig.setInsecureRenegotiation( false ); sslHostConfig.setCertificateFile( certLocation ); sslHostConfig.setCertificateKeyFile( certKeyLocation ); sslHostConfig.setCertificateKeyPassword( certKeyPassword ); if( isClientAuthreq && caCertificatePath != null && !caCertificatePath.isEmpty() ) { sslHostConfig.setCertificateVerification( CertificateVerification.REQUIRED.toString() ); sslHostConfig.setCaCertificateFile( caCertificatePath ); } sslHostConfig.setSslProtocol("TLS"); sslHostConfig.setEnabledProtocols( enabledProtocol ); this.addSslHostConfig( sslHostConfig ); IntrospectionUtils.setProperty( this, "SSLEnabled", "true" ); IntrospectionUtils.setProperty( this, "sslImplementationName", "org.apache.tomcat.util.net.openssl.OpenSSLImplementation" ); Regards, Natraj