Chris,

On 6.3.2013 7:02, Christopher Schultz wrote:
So in Tomcat 7 you might use:

sslProtocol="TLSv1.1" sslEnabledProtocols="TLSv1.1"

and in Tomcat 6.0.32:

sslProtocol="TLSv1.1" protocols="TLSv1.1"


It works for me.

Can you file a bug for this? That should be a) documented and b)
accept either "protocol" or "sslEnabledProtocols" to make it line-up
with Tomcat 7.0.

Sure, I will. But before I do, I just want to point out another issue here:

Attribute setProtocol="TLS" -- which is how both Tomcat 6.0.36 and Tomcat 7.0.37 come pre-configured -- enables different groups of protocols on Tomcat 6 and Tomcat 7. Tomcat 6.0.36 will enable SSLv3, TLSv1, TLSv1.1 and TLSv1.2, while Tomcat 7.0.37 will enable SSLv3 and TLSv1. This is counter-intuitive and might introduce problems when upgrading from Tomcat 6 to Tomcat 7.

Which behavior is right? I prefer how Tomcat 6 is interpreting that attribute -- trying to enable the best possible TLS protocol versions available.

OTOH, from Tomcat 7 documents it seems that the value of attribute setProtocol is just passed to JSSE when creating SSLContext. I assume that Tomcat 6 did some pre-processing before passing that attribute to SSLContext.

WDYT?

-Ognjen
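
The message above turns on which protocol versions JSSE enables for a given `SSLContext` name. The following is an added example, not part of the original message and not Tomcat's code: it lists what a server socket from each context has enabled on the running JVM, then pins the set explicitly. The class name and the list of wanted protocols are assumptions chosen for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Added example, not Tomcat code; the class name is hypothetical.
public class EnabledProtocolsCheck {

    // Unbound server socket from a context created with the given protocol name.
    static SSLServerSocket serverSocketFor(String contextName) throws Exception {
        SSLContext ctx = SSLContext.getInstance(contextName);
        ctx.init(null, null, null); // JVM default key and trust managers
        return (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket();
    }

    // Enable only the wanted protocols that this JVM supports; fail closed if none.
    static String[] restrict(SSLServerSocket socket, List<String> wanted) {
        List<String> usable = new ArrayList<>(wanted);
        usable.retainAll(Arrays.asList(socket.getSupportedProtocols()));
        if (usable.isEmpty()) {
            throw new IllegalStateException("none of " + wanted + " is supported");
        }
        socket.setEnabledProtocols(usable.toArray(new String[0]));
        return socket.getEnabledProtocols();
    }

    public static void main(String[] args) throws Exception {
        // Context names to compare; the wanted list below is an assumed policy.
        for (String name : new String[] {"TLS", "TLSv1.1", "TLSv1.2"}) {
            try (SSLServerSocket s = serverSocketFor(name)) {
                System.out.println(name + " enabled by default: "
                        + Arrays.toString(s.getEnabledProtocols()));
                System.out.println(name + " after restriction:  "
                        + Arrays.toString(restrict(s, Arrays.asList("TLSv1.1", "TLSv1.2"))));
            } catch (NoSuchAlgorithmException e) {
                System.out.println(name + ": no such SSLContext on this JVM");
            }
        }
    }
}
```

Running this on the JVM that hosts each Tomcat version before and after an upgrade shows whether the default set changed, independent of how the connector attribute is interpreted.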

