2016-06-21 19:08 GMT-04:00 Joleen Barker <oldenuf2no...@gmail.com>:

> Hello Daniel,
>
> Thank you for your replies.
>
> Yes, I have the Java build 1.7.0_71 installed and I have the Unlimited
> security package installed as the application from the vendor requires it.
>
> Ok, you say never to edit the catalina.sh. I can change it back. The
> setting originally was SSL_VERSION="-Dhttps.protocol=TLSv1"
>
>
I believe this is not from the original version of the file. I no longer have any Tomcat 7 installed to check this; however, if I check my Tomcat 8 catalina.sh, there is no SSL_VERSION environment variable anywhere. If you have an already modified catalina.sh, it will be difficult to provide any meaningful guidance.

> Why is it set for only one version in the catalina.sh what is having this
> set to one version limiting us to?
>
>
It seems your catalina.sh has already been modified by someone else. This doesn't look like the vanilla version of the catalina.sh file.

> Our connector has this set in it:
>
> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" sslProtocol="TLS"
>
> Is this all we need to allow TLSv1.2 clients to come in and for Tomcat
> acting as a client to go out as TLSv1.2?

You didn't provide enough details about your connector, so read this page:

https://tomcat.apache.org/tomcat-7.0-doc/config/http.html

I assume you are configuring a NIO or BIO connector; then sslProtocol="TLS" is the only attribute needed to support TLSv1, TLSv1.1 and TLSv1.2. The sslEnabledProtocols attribute is not necessary since it overlaps with the sslProtocol attribute. Note that if you do not specify this attribute, it defaults to TLS anyway.

If you read the documentation page above, you will see the sslProtocol attribute is actually passing the value to Java 7. That's why there is no need to tamper with the catalina.sh to try to set this for Java beforehand.

The proper way to configure Tomcat is to modify files in the conf directory only. Playing with files in bin and lib is not a recommended approach.

----------------
Daniel Savard
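An added example, not part of the original message and not Tomcat's own code: a Python check that reads a server.xml and reports, for each SSL-enabled connector, the sslProtocol and sslEnabledProtocols settings discussed above. The server.xml fragment, its ports and keystore path are constructed, and `audit_connectors` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment; ports and keystore path are placeholders.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/placeholder.jks"
               sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" sslProtocol="TLS"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/placeholder.jks"/>
  </Service>
</Server>
"""


def audit_connectors(server_xml, required="TLSv1.2"):
    """Return one finding dict per SSL-enabled <Connector> element."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not a TLS connector, nothing to audit
        # Per the reply above, sslProtocol defaults to TLS when omitted.
        ssl_protocol = conn.get("sslProtocol", "TLS")
        raw = conn.get("sslEnabledProtocols")
        # Split the comma-separated list and drop surrounding spaces.
        explicit = [p.strip() for p in raw.split(",") if p.strip()] if raw else []
        if explicit:
            status = "listed" if required in explicit else "excluded"
        else:
            # No explicit list: the JVM defaults for sslProtocol apply,
            # so the answer depends on the Java version in use.
            status = "jvm-default"
        findings.append({
            "port": conn.get("port"),
            "sslProtocol": ssl_protocol,
            "explicit": explicit,
            "required_status": status,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

A `jvm-default` result means the connector itself does not settle the question; confirm the outcome against the running JVM.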