Enable TLS 1.2 only in apache-tomcat-9 and Java 8

lab bhattacharjee picture lab bhattacharjee · Oct 17, 2018 · Viewed 20.9k times · Source

I have deployed my web application in Apache Tomcat 9.x.x and I have two options for Java

  • Openjdk version 1.8.x
  • Oracle Java 1.8.x

I need to allow TLS 1.2 only.

Please help guide me to achieve this.

I have tried to follow the following links(Not sure if they are outdated).

But https://www.ssllabs.com/ssltest/analyze.html?d=<< my public IP >> says : TLS 1.1 & TLS 1.0 are still enabled.

how to enable TLS v1.2 in Apache tomcat 8 , I am using Java 8

How do I disable SSLv3 in tomcat?

Does Tomcat support TLS v1.2? (The two steps mentioned by oraclesoon doesn't seem to work)

How do I disable SSLv3 support in Apache Tomcat?

Also HOW TO -- Disable weak ciphers in Tomcat 7 & 8 says sslProtocol is no longer used in java 8

Answer

user3699842 picture user3699842 · Jan 3, 2019

I use tomcat 9.0.14 and JSSE. it works fine. (using TLSV1.1 and TLSV1.2)

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig protocols="TLSv1.1,TLSv1.2">     
    <Certificate certificateKeystoreFile="conf/keystore.jks" 
                     type="RSA" />
    </SSLHostConfig>
</Connector>

See: https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support