It works quite well.

Sorry for the top post, I only have Outlook and it sucks in this respect.


Jon McAlexander


-----Original Message-----
From: Mark Thomas <ma...@apache.org> 
Sent: Friday, July 17, 2020 12:03 PM
To: users@tomcat.apache.org
Subject: Re: SSL/TLS issue: can we listen on more than one secured port, with 
different protocols enabled?

On 17/07/2020 17:55, James H. H. Lampert wrote:
> I've got an issue here.
> 
> On the one hand, we have a Tomcat server running on Amazon (in a 
> Beanstalk cluster). And we have an AS/400 running an old enough OS 
> that, so far as I'm aware, cannot be configured to use TLS 1.2 at the 
> current OS release level. And that AS/400 needs to access that Tomcat 
> server (which it does, using Scott Klement's open source HTTPAPI 
> product, which has become pretty much an industry standard for the purpose).
> 
> And on the other hand, we are getting a security report from SSLLabs, 
> telling us that our security rating is capped at "B" because we allow 
> TLS 1.0 and 1.1.
> 
> BUT, our entire office is on a static IP address, and we already know 
> how to open a port on our Amazon firewall to only accept traffic from 
> our office IP.
> 
> Given all this, is it possible to (1) have Tomcat listen on two 
> separate HTTPS ports, and (2) have one of the ports require TLS 1.2, 
> but the other accept something our AS/400 can use?

Yes. You need two Connector elements specifying different ports and different 
protocols. They should be able to use the same certificate configuration.

Mark
