Configure Tomcat to require TLS v1.2 as proposed in the InCommon Base…

…line Expectations 2.0 (https://spaces.at.internet2.edu/x/4YbVCQ).
docker · Feb 1, 2021 · 9cae529 · 9cae529
1 parent 87a00b9
commit 9cae529
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/container_files/tomcat/server.xml b/container_files/tomcat/server.xml
@@ -4,12 +4,18 @@
   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
 
   <Service name="Catalina">
-<Connector
+
+    <Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="443" maxThreads="200"
-          scheme="https" secure="true" SSLEnabled="true"
-          keystoreFile="/opt/certs/keystore.jks" keystorePass="password"
-          clientAuth="false" sslProtocol="TLS"/>
+          scheme="https" secure="true" SSLEnabled="true">
+      <SSLHostConfig protocols="TLSv1.2">
+        <Certificate
+          certificateKeystoreFile="/opt/certs/keystore.jks" 
+          certificateKeystorePassword="password" />
+      </SSLHostConfig>
+    </Connector>
+
     <Engine name="Catalina" defaultHost="localhost">
 
       <Host name="localhost"  appBase="webapps"