Hello Team, Since past few days i have been struggling with disabling TLSv1.0 in my Tomcat configuration. Here is the content of my server.xml file. I was able to disable SSLv3, and things were working fine but somehow not able to disable TLSv1.0. Really appreciate your suggestions on how to resolve this vulnerability Disabled SSLv3 with below config:==================================================================== <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" keystoreFile="Keystore_Pathe" keystorePass="*********" clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" ciphers="All Ciphers excluding RC4 Ciphers" /> ====================================================================
To disable TLSv1.0 i adopted to below config, fortunately it cleared the scans but my site broke on Https: Reffered Link: http://tomcat.10.x6.nabble.com/How-to-allow-only-TLS-1-1-connections-to-Tomcat-6-0-server-with-https-td4995362.html =====================================================================<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" keystoreFile="Keystore_Pathe" keystorePass="*********" clientAuth="false" sslProtocol="TLSv1.1" sslEnabledProtocols="TLSv1.1" ciphers="All Ciphers excluding RC4 Ciphers" />===================================================================== Please help me identify if i am missing on anything. Thanks and Regards,Varun Gulati