I think this may have come up before, but I don't recall how it was
resolved.

On customer box #1, I have:

    <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
               address="<REDACTED>"
               maxThreads="400" SSLEnabled="true" scheme="https"
               secure="true"
               keystoreFile="<REDACTED>/tomcat/wttomcat.ks"
               keyAlias="<REDACTED>"
               ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
               clientAuth="false" sslProtocol="TLSv1.2" />

and an SSLLabs scan shows it accepting only TLSv1.2, as it should.

But on customer box #2, I have:

    <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="<REDACTED>/tomcat/wttomcat.ks"
               keyAlias="<REDACTED>"
               clientAuth="false" sslProtocol="TLSv1.2" />

and an SSLLabs scan shows it accepting TLSv1.0, TLSv1.1, and TLSv1.2.

What could be wrong here? I vaguely recall seeing something like this
before.
--
JHHL