On 06/02/2019 17:21, James H. H. Lampert wrote: > Thanks. I do have some follow up questions > > On 2/6/19, 1:04 AM, Mark Thomas wrote: >> On the TLS Connector: >> >> sslEnabledProtocols="TLSv1.1,TLSv1.2" > > Ok. So the active connector we currently have for this particular > installation (which has multiple IP addresses, hence the "address" > clause) is: >> <Connector port="443" >> protocol="org.apache.coyote.http11.Http11Protocol" address="REDACTED" >> maxThreads="150" SSLEnabled="true" scheme="https" >> secure="true" >> keystoreFile="REDACTED" keyAlias="REDACTED" >> >> ciphers="SSL_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA" >> clientAuth="false" sslProtocol="TLS" /> > > So I can just add the sslEnabledProtcols clause to the end of this?
Yes. >>> 17369 - HTTP Security Header Not Detected. >> It looks like this one: >> >> https://community.qualys.com/thread/17369-http-security-header-not-detected >> > > I concur on that, but how do I add the headers it's looking for? Depending on what exactly what is missing, the built-in HttpHeaderSecurityFilter may be able to help. If that can't met the requirement you'll probably need to write a custom Filter - or get the app devs to add one. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
