While we've been systematically updating our customer boxes, a few of
our customer boxes are still on Tomcat 7.
I've got the following Connector tag set up in server.xml:
<Connector port="443"
protocol="org.apache.coyote.http11.Http11Protocol"
keystoreFile="/wintouch/tomcat/wttomcat.ks" alias="wintouch"
maxThreads="400" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2" compression="on"
compressionMinSize="2048" noCompressionUserAgents="gozilla,
traviata"
compressableMimeType="text/html,text/xml,text/plain,text/css,
text/javascript,text/json,application/x-javascript,
application/javascript,application/json" />
And yet SSLLabs tells me the box in question is still accepting TLS 1.0
and TLS 1.1.
Can anybody shed any light on this? (And yes, I know, "alias" should be
"keyAlias," but it's the only chain in the keystore, so it shouldn't
make any difference.)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org