All,
I am running tomcat 7.0.26 with APR on RHEL 5.10 (x86_64) . My
server.xml 's configuration for the https connector is as follows:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1"
SSLCertificateKeyFile="/u01/apache-tomcat-7.0.26/conf/servey_xxx.key"
SSLCertificateFile="/u01/apache-tomcat-7.0.26/conf/server_xxx.crt"
SSLCACertificateFile="/u01/apache-tomcat-7.0.26/conf/SSL123_CA_Bundle.pem"
/>
I also tried sslProtocol with different values of TLS, TLSv1.1, and
TLSv1.2, but the ssl tests such the ones from SSLLabs or Thawte claim
that my server still has SSLv3 enabled.
Any advice is greatly appreciated.
Thanks,
Vu
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org