Please follow the Apache document for the connector configuration.

Here is the sample connector configuration:

 <Connector port="7443" protocol="org.apache.coyote.http11.Http11Protocol"
            maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
            clientAuth="true" sslProtocol="TLSv1.2"
            keystoreFile="/opt/certs/pay.jks"
            keystorePass="*******" keyAlias="****"
            truststoreFile="/opt/certs/trust.jks"
            truststorePass="**************"
            ciphers="*************************************"/>

[1] http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

On Tue, Jan 20, 2015 at 2:17 PM, Jason Y <day...@gmail.com> wrote:

> Hi folks,
>
> Recently my application cannot be accessed in the browser with the https
> version. I think it is due to the vulnerability in SSL 3.0.
>
> I checked my tomcat configuration and replaced sslProtocol="TLS" with
> sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to disable SSL 3.0.
>
>     <Connector port="8080" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="8443" />
>     <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
>                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
>                clientAuth="false"
>                sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" keystoreFile="xxx"
>                keystorePass="xxx" />
>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>
>
> Then I could open my application's https link in the browser. BUT good times
> never last too long: after several hours, I failed to access my https link
> again.
>
> Does anyone have any ideas about this? Please share your suggestions... My
> Tomcat version is 7.0.55
>
> Thank you all very much.

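An added example, not part of the thread or of Tomcat itself: a small audit of server.xml that reports, for each HTTPS connector, whether sslEnabledProtocols is set explicitly and whether SSLv3 is among the enabled protocols. The sample XML is constructed from the connectors quoted above (port 9443 is invented to show a failing case), and the forbidden-protocol list is an assumed local policy.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connectors quoted in this thread.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
             SSLEnabled="true" scheme="https" secure="true"
             sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" keystoreFile="xxx" />
  <Connector port="7443" protocol="org.apache.coyote.http11.Http11Protocol"
             SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLSv1.2" keystoreFile="/opt/certs/pay.jks" />
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
             sslEnabledProtocols="SSLv3, TLSv1" />
</Service></Server>"""

# Assumed local policy: protocol names that must never be enabled.
FORBIDDEN = {"SSLv2", "SSLv2Hello", "SSLv3"}


def audit_connectors(server_xml):
    """Return {port: [findings]} for every connector with SSLEnabled="true"."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector, nothing to audit
        findings = []
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            # No explicit list: the enabled set is left to Tomcat and JVM defaults.
            findings.append("sslEnabledProtocols not set; "
                            "enabled protocols depend on Tomcat/JVM defaults")
        else:
            names = {p.strip() for p in enabled.split(",") if p.strip()}
            for bad in sorted(names & FORBIDDEN):
                findings.append("forbidden protocol enabled: " + bad)
            if not names - FORBIDDEN:
                findings.append("no permitted protocol left in sslEnabledProtocols")
        report[conn.get("port")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not findings else "; ".join(findings))
```

A connector that passes this check should still be confirmed from the client side after each restart, since the audit only reads the configuration file.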