Enforcing a Secure Connection
Hey folks!
There is an urgent federal mandate that all websites must disable weak ciphers and force TLS 1.2 (disabling lower versions).
I edited server.xml and added to the port 443 connector:
sslProtocol="TLSv1.2"
sslEnabledProtocols="TLSv1.2"
ciphers="ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA"
(the other SSL parameters to enable it were already defined).
This didn't work at all.
What am I missing? Do I need to do something with catalina, or on a different connector?
Thanks
There is an urgent federal mandate that all websites must disable weak ciphers and force TLS 1.2 (disabling lower versions).
I edited server.xml and added to the port 443 connector:
sslProtocol="TLSv1.2"
sslEnabledProtocols="TLSv1.2"
ciphers="ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES128-SHA,ECDHE-ECDSA-AES128-SHA"
(the other SSL parameters to enable it were already defined).
This didn't work at all.
What am I missing? Do I need to do something with catalina, or on a different connector?
Thanks