Chris,

On 7.3.2013 5:58, Christopher Schultz wrote:
Which behavior is right? I prefer how Tomcat 6 is interpreting
that attribute -- trying to enable best possible TLS protocol
versions available.

OTOH, from Tomcat 7 documents it seems that the value of attribute
setProtocol is just passed to JSSE when creating SSLContext. I
assume that Tomcat 6 did some pre-processing before passing that
attribute to SSLContext.

Are you sure it's not a JVM default and not Tomcat's default? Tomcat's
default in both situations is "TLS" which may mean different things
depending upon the JVM configuration.

I am testing both Tomcat 6.0.36 and 7.0.37 with the same, Oracle, JDK 1.7.0_09, on Windows XP SP3.

I just unpack the zip distribution, uncomment the default HTTPS connector (with sslProtocol="TLS" already set), change port 8443 to 443, and test with:

  https://www.ssllabs.com/ssltest/

For Tomcat 6.0.36 it reports:

Protocols
TLS 1.2         Yes
TLS 1.1         Yes
TLS 1.0         Yes
SSL 3.0         Yes
SSL 2.0         No


Tomcat 7.0.37:

Protocols
TLS 1.2         No
TLS 1.1         No
TLS 1.0         Yes
SSL 3.0         Yes
SSL 2.0         No


I agree, it is strange.

-Ognjen
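
An added example, not part of the original message and not Tomcat code: one way to separate the JVM's behaviour from Tomcat's is to ask JSSE directly which protocol versions an SSLContext created with the connector's sslProtocol string supports and enables by default on the server side. The class name JsseProtocolProbe and its helper methods are hypothetical; only standard javax.net.ssl calls are used.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocket;

// Hypothetical helper class, not part of Tomcat.
public class JsseProtocolProbe {

    // Protocols the JSSE provider implements but leaves disabled by default.
    static List<String> supportedButDisabled(String[] supported, String[] enabled) {
        List<String> off = new ArrayList<String>(Arrays.asList(supported));
        off.removeAll(Arrays.asList(enabled));
        return off;
    }

    static void report(String label, String[] supported, String[] enabled) {
        System.out.println(label);
        System.out.println("  supported: " + Arrays.toString(supported));
        System.out.println("  enabled  : " + Arrays.toString(enabled));
        System.out.println("  disabled : " + supportedButDisabled(supported, enabled));
    }

    public static void main(String[] args) throws Exception {
        // Same string the connector's sslProtocol attribute carries ("TLS" in the thread).
        String sslProtocol = args.length > 0 ? args[0] : "TLS";
        SSLContext ctx = SSLContext.getInstance(sslProtocol);
        ctx.init(null, null, null); // no keys are needed just to read the protocol lists

        System.out.println("java.version=" + System.getProperty("java.version")
                + " provider=" + ctx.getProvider().getName()
                + " context=" + ctx.getProtocol());

        // Blocking-I/O view: an unbound server socket, never opened on a port.
        SSLServerSocket socket =
                (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket();
        try {
            report("SSLServerSocket", socket.getSupportedProtocols(), socket.getEnabledProtocols());
        } finally {
            socket.close();
        }

        // SSLEngine view in server mode, as used by non-blocking I/O.
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        report("SSLEngine (server mode)", engine.getSupportedProtocols(), engine.getEnabledProtocols());
    }
}
```

Run it with the same JDK that starts both Tomcat versions; if the enabled list differs from what the scan reports for a given Tomcat, the difference comes from how that Tomcat configures the socket rather than from the JVM default.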
