Mark,
On 10/19/21 04:17, Mark Thomas wrote:
On 19/10/2021 06:20, Natraj Thekkan wrote:
Hi Mark or Chris,
Based on Chris statement, it has to be addressed in tomcat.
No, you has misunderstood Chris's statement.
+1
I was suggesting a related beehavior in Tomcat that would not affect the
Hi,
@ Thomas Hoffmann, Mark and Chris,
Thanks for your suggestion.
We have done changes as per the xml configuration provided by Thomas Hoffmann
and then verified the scenario. Now, client connection with TLS1.1 and TLS1.0
are restricted as expected.
Hello,
I can recommend SSLScan for verifying your configuration:
https://github.com/rbsec/sslscan/releases/tag/2.0.10
Example configuration which I use:
SSLScan reports this result:
SSL/TLS Protocols:
SSLv2 disabled
SSLv3 disabled
TLSv1.0
On 19/10/2021 06:20, Natraj Thekkan wrote:
Hi Mark or Chris,
Based on Chris statement, it has to be addressed in tomcat.
No, you has misunderstood Chris's statement. All the evidence so far
points to user error.
Again, you need to provide the simplest, *complete* test case (i.e. the
Hi Mark or Chris,
Based on Chris statement, it has to be addressed in tomcat. Can I raise a Bug
in Bugzilla for this observation?.
Regards,
Natraj
-Original Message-
From: Christopher Schultz
Sent: Monday, October 18, 2021 10:14 PM
To: users@tomcat.apache.org
Subject: Re: Restriction
Natraj,
On 10/18/21 01:19, Natraj Thekkan wrote:
@Mark
Thanks for your response.
We have tested by removing that line of code, still client able to establish
the connection with server using TLSv1 and TLSv1.1. Below one is configured in
java.security file.
On 18/10/2021 06:19, Natraj Thekkan wrote:
Hi,
@Mark
Thanks for your response.
We have tested by removing that line of code, still client able to establish
the connection with server using TLSv1 and TLSv1.1. Below one is configured in
java.security file.
Hi,
@Mark
Thanks for your response.
We have tested by removing that line of code, still client able to establish
the connection with server using TLSv1 and TLSv1.1. Below one is configured in
java.security file.
On 14/10/2021 10:28, Natraj Thekkan wrote:
Hi,
We are using tomcat version 9.0.46.
Could you please provide suggestion to restrict the TLS version in HTTP2 over
HTTPS with OpenSSL implementation?.
The code below is sufficient, assuming that is then the connector that
is being used by the
Hi,
We are using tomcat version 9.0.46.
Could you please provide suggestion to restrict the TLS version in HTTP2 over
HTTPS with OpenSSL implementation?.
Regards,
Natraj
From: Natraj Thekkan
Sent: Wednesday, October 13, 2021 10:15 AM
To: 'users@tomcat.apache.org'
Subject: Restriction of TLS
Hi,
We have tried to restrict the TLS version in https connection establishment in
embedded tomcat for OpenSSL based implementation. With this part of the code,
TLSv1.0/TLSv1.1 client also able to connect with our https server. Please let
us know how we can restrict the TLS version in HTTP2
11 matches
Mail list logo