Merge pull request #87 from tfleury/TLS12
Configure Tomcat to require TLS v1.2 and 1.3
pcaskey authored Feb 1, 2021
2 parents cc1ee0f + 3cc7b38 commit 3a3fbc1
Showing 1 changed file with 17 additions and 6 deletions.
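--- a/container_files/tomcat/server.xml
+++ b/container_files/tomcat/server.xml
@@ -4,12 +4,23 @@
 <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
 
 <Service name="Catalina">
-<Connector
-protocol="org.apache.coyote.http11.Http11NioProtocol"
-port="443" maxThreads="200"
-scheme="https" secure="true" SSLEnabled="true"
-keystoreFile="/opt/certs/keystore.jks" keystorePass="password"
-clientAuth="false" sslProtocol="TLS"/>
+
+<Connector
+protocol="org.apache.coyote.http11.Http11NioProtocol"
+port="443" maxThreads="200"
+scheme="https" secure="true" SSLEnabled="true">
+<SSLHostConfig
+ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
+disableSessionTickets="true"
+honorCipherOrder="false"
+protocols="TLSv1.2,TLSv1.3">
+<Certificate
+certificateKeystoreFile="/opt/certs/keystore.jks"
+certificateKeystorePassword="password" />
+</SSLHostConfig>
+<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
+</Connector>
+
 <Engine name="Catalina" defaultHost="localhost">
 
 <Host name="localhost" appBase="webapps"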
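Review bot: The `ciphers` list in the new `SSLHostConfig` names only TLS 1.2 suites, so on a JSSE connector (which the JKS keystore suggests) the `TLSv1.3` entry in `protocols` may never be negotiable, since Tomcat appears to apply that list as the enabled-suite set for every protocol. Prepending `TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:` to `ciphers` and confirming with a TLS 1.3-only handshake against port 443 would settle it. Separately, `certificateKeystorePassword="password"` carries the old literal keystore password into the new `Certificate` element; Tomcat's `${...}` property substitution would keep it out of the repository, e.g. `certificateKeystorePassword="${keystore.password}"` (property name constructed here), supplied as a system property at container start. `disableSessionTickets` is, as far as I know, honoured only by the OpenSSL implementation, so a one-line comment stating which TLS implementation this connector is expected to run on would help the next reader.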