docker · pcaskey · Feb 1, 2021 · Feb 1, 2021 · Feb 1, 2021 · Feb 1, 2021
diff --git a/container_files/tomcat/server.xml b/container_files/tomcat/server.xml
@@ -4,12 +4,23 @@
   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
 
   <Service name="Catalina">
-<Connector
-          protocol="org.apache.coyote.http11.Http11NioProtocol"
-          port="443" maxThreads="200"
-          scheme="https" secure="true" SSLEnabled="true"
-          keystoreFile="/opt/certs/keystore.jks" keystorePass="password"
-          clientAuth="false" sslProtocol="TLS"/>
+
+    <Connector
+        protocol="org.apache.coyote.http11.Http11NioProtocol"
+        port="443" maxThreads="200"
+        scheme="https" secure="true" SSLEnabled="true">
+      <SSLHostConfig
+          ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
+          disableSessionTickets="true"
+          honorCipherOrder="false"
+          protocols="TLSv1.2,TLSv1.3">
+        <Certificate
+            certificateKeystoreFile="/opt/certs/keystore.jks" 
+            certificateKeystorePassword="password" />
+      </SSLHostConfig>
+      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
+    </Connector>
+
     <Engine name="Catalina" defaultHost="localhost">
 
       <Host name="localhost"  appBase="webapps"