You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2021/01/12 19:31:57 UTC

[PROPOSAL] Change default SSLHostConfig.protocols

All,

For Tomcat 10 (only), I propose we change the default SSLHostConfig 
protocols attribute from the current "SSLv2Hello, TLSv1, TLSv1.1, 
TLSv1.2, TLSv1.3" to SSLv2Hello, TLSv1.2, TLSv1.3".

(That is, remove TLSv1 and TLSv1.1 from the default list.)

Any objections?

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: [PROPOSAL] Change default SSLHostConfig.protocols

Posted by Mark Thomas <ma...@apache.org>.

On 12/01/2021 19:31, Christopher Schultz wrote:
> All,
> 
> For Tomcat 10 (only), I propose we change the default SSLHostConfig
> protocols attribute from the current "SSLv2Hello, TLSv1, TLSv1.1,
> TLSv1.2, TLSv1.3" to SSLv2Hello, TLSv1.2, TLSv1.3".
> 
> (That is, remove TLSv1 and TLSv1.1 from the default list.)
> 
> Any objections?

None here.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org