I have a Tomcat 7.0 server that I want to configure to listen on an HTTPS port. I'm using the Nio protocol and I want it to support both SSLv3 and TLS protocols (I know that SSLv3 is insecure, but I need to provide that ability). Here is how it looks now:

<Connector port="443"
           SSLEnabled="true"
           clientAuth="false"
           disableUploadTimeout="true"
           enableLookups="false"
           keyAlias="myalias"
           keystoreFile="mykeystore"
           keystorePass="mypass"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https"
           secure="true"
           sslProtocol="TLS"
           sslEnabledProtocols="SSLv3,TLSv1,TLSv1.1,TLSv1.2" />

The question is: what value should I use as sslProtocol? According to the documentation, SSL enables any SSL protocol and TLS any TLS protocol, but how do I enable both? I tried to set "SSL,TLS" and "SSL_TLS", but these values are invalid.

1 Answer

1

According to the examples in the Tomcat 7 SSL/TLS HOWTO ("Edit the Tomcat Configuration File"), the delimiter is +:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
           port="8443"
           maxThreads="200"
           scheme="https"
           secure="true"
           SSLEnabled="true"
           SSLCertificateFile="/usr/local/ssl/server.crt"
           SSLCertificateKeyFile="/usr/local/ssl/server.pem"
           SSLVerifyClient="optional"
           SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/>

Strange that this is not in the documentation!

1
  • 1
    It should work for the APR connector, but Nio fails. I followed this documentation: tomcat.apache.org/tomcat-7.0-doc/config/http.html. It says nothing about the possible values of sslProtocol, though. Also, I can't replace Nio with Apr at the moment, so I need to find a solution for Nio. Commented Aug 16, 2017 at 12:12
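
A configuration check for the two attribute styles seen in this thread, as an added example that is not part of the original question, answer or comment: it reads a server.xml, takes the protocol list from the comma-separated sslEnabledProtocols on non-APR connectors and from the +-joined SSLProtocol on APR connectors, and reports which listed versions are deprecated. The names audit_connectors, DEPRECATED and SAMPLE_SERVER_XML are assumptions, and the sample XML is constructed from the two connectors above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two connectors from this page, trimmed to the
# attributes that matter for protocol selection.
SAMPLE_SERVER_XML = """
<Service name="Catalina">
  <Connector port="443" SSLEnabled="true"
             protocol="org.apache.coyote.http11.Http11NioProtocol"
             sslProtocol="TLS"
             sslEnabledProtocols="SSLv3,TLSv1,TLSv1.1,TLSv1.2" />
  <Connector port="8443" SSLEnabled="true"
             protocol="org.apache.coyote.http11.Http11AprProtocol"
             SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" />
</Service>
"""

# Assumption: the protocol versions this audit treats as deprecated.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def audit_connectors(server_xml):
    """Return one finding dict per SSL-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to audit
        impl = conn.get("protocol", "")
        if impl.endswith("Http11AprProtocol"):
            # APR/native connector: versions joined with '+' in SSLProtocol.
            attr, sep = "SSLProtocol", "+"
        else:
            # JSSE connector (BIO/NIO): list given in sslEnabledProtocols.
            attr, sep = "sslEnabledProtocols", ","
        raw = conn.get(attr)
        versions = [v.strip() for v in raw.split(sep) if v.strip()] if raw else []
        findings.append({
            "port": conn.get("port"),
            "attribute": attr,
            "explicit": bool(versions),  # False: connector relies on defaults
            "versions": versions,
            "deprecated": sorted(DEPRECATED.intersection(versions)),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

A finding with "explicit" set to False means the connector names no versions at all, so the effective set depends on the JVM or native library defaults and has to be confirmed against the running server.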
