You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by mark smith <ma...@gmail.com> on 2009/12/04 16:40:02 UTC

TLS only

Hi All,

I have a requirement to configure tomcat to make use of TLS only for all the
secure communication from browser. SSLProtocol="TLS" in Connector tag in
server.xml supports both SSLv3 and TLSv1.

Please help to disable SSLv3 and have only TLSv1 enabled.

I found a similar request in the archives and the suggested solution of
adding protocols="TLSv1" in connector tag did not work. Tomcat would not
even start.

Link the archive
http://marc.info/?l=tomcat-user&m=114211244119307&w=2

Thanks a lot for your help.

Regards,
Mark

Re: TLS only

Posted by Mark Thomas <ma...@apache.org>.

mark smith wrote:
> Hi All,
> 
> I have a requirement to configure tomcat to make use of TLS only for all the
> secure communication from browser. SSLProtocol="TLS" in Connector tag in
> server.xml supports both SSLv3 and TLSv1.
> 
> Please help to disable SSLv3 and have only TLSv1 enabled.

Use the ciphers attribute on the connector to limit the cipher suites to
just the ones you want.

Mark




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org