
I have a Tomcat 7.0 server that I want to configure to listen on an HTTPS port. I'm using the Nio protocol and I want it to support both the SSLv3 and TLS protocols (I know that SSLv3 is insecure, but I need to provide that ability). Here is how it looks now:

<Connector
        port="443"
        SSLEnabled="true"
        clientAuth="false"
        disableUploadTimeout="true"
        enableLookups="false"
        keyAlias="myalias"
        keystoreFile="mykeystore"
        keystorePass="mypass"
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        scheme="https"
        secure="true"
        sslProtocol="TLS"
        sslEnabledProtocols="SSLv3,TLSv1,TLSv1.1,TLSv1.2" />

The question is what value should I use as sslProtocol? According to the documentation, SSL enables any SSL protocol and TLS any TLS protocol, but how do I enable both? I tried setting "SSL,TLS" and "SSL_TLS", but these values are invalid.

username

1 Answer

According to the examples in the Tomcat 7 SSL/TLS HOWTO, section "Edit the Tomcat Configuration File", the delimiter is +:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/usr/local/ssl/server.crt"
           SSLCertificateKeyFile="/usr/local/ssl/server.pem"
           SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/>

Strange this is not in the documentation!

Esa Jokinen

It should work for the APR connector, but Nio fails. I followed this documentation: https://tomcat.apache.org/tomcat-7.0-doc/config/http.html. It says nothing about sslProtocol possible values though. Also I can't replace Nio with Apr at the moment, so I need to find a solution for Nio. – username Aug 16 '17 at 12:12
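As an added check (not part of the question or the answer above), the script below parses a server.xml and reports, for each SSL-enabled Connector, which attribute convention its connector family reads (comma-separated sslEnabledProtocols for JSSE/NIO, '+'-separated SSLProtocol for APR) and which of the enabled protocols fall below TLS 1.2. The sample XML, the weak-protocol policy and the function names are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed policy: anything below TLS 1.2 is reported as weak.
WEAK = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")

def enabled_protocols(conn):
    """Return (family, protocols) using the attribute convention each connector family reads."""
    if "Http11AprProtocol" in conn.get("protocol", ""):
        # APR/OpenSSL: SSLProtocol is a '+'-joined list ("TLSv1+TLSv1.1+TLSv1.2");
        # the default "all" expands to a set that depends on the Tomcat Native version.
        return "APR", [p for p in conn.get("SSLProtocol", "all").split("+") if p]
    # JSSE (BIO/NIO): sslEnabledProtocols is comma-separated; sslProtocol only
    # names the SSLContext algorithm ("TLS"), not the list of enabled versions.
    raw = conn.get("sslEnabledProtocols", "")
    return "JSSE", [p.strip() for p in raw.split(",") if p.strip()]

def audit(server_xml):
    """One finding per SSL-enabled <Connector>: port, family, enabled list, weak subset, note."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        family, protos = enabled_protocols(conn)
        note = ""
        if not protos or "all" in protos:
            # Nothing explicit: the JVM (JSSE) or Tomcat Native (APR) defaults apply.
            note = "no explicit protocol list; verify the negotiated versions externally"
        findings.append({"port": conn.get("port"), "family": family, "enabled": protos,
                         "weak": [p for p in protos if p in WEAK], "note": note})
    return findings

# Constructed sample: the NIO connector from the question beside the APR form from the answer.
SAMPLE = """<Server><Service>
  <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
             protocol="org.apache.coyote.http11.Http11NioProtocol"
             sslProtocol="TLS" sslEnabledProtocols="SSLv3,TLSv1,TLSv1.1,TLSv1.2"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             protocol="org.apache.coyote.http11.Http11AprProtocol"
             SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/>
  <Connector port="8080" protocol="HTTP/1.1"/>
</Service></Server>"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"port {f['port']} ({f['family']}): enabled={f['enabled']} weak={f['weak']} {f['note']}")
```

Point it at the real server.xml to see which connectors still admit SSLv3, then confirm with a TLS scanner against the running port, since the JVM's own disabled-algorithm settings can override what the connector lists.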