CA Service Management

  • Private Community

  • 1.  Configure Tomcat for TLSv1.2 on CA SD 14.1

    Posted Jan 18, 2019 07:10 AM

    Hi,

     

    We have a tomcat server v7.0.23, and we want to parameter it only for TLS1.2.

     

    But after following several tutorials (modifying server.xml, adding options at the start of tomcat, ...) but nothing works.
    We're still in TLSv1.0.

     

    Is there any trick to activate TLSv1.2 on tomcat ?



  • 2.  Re: Configure Tomcat for TLSv1.2 on CA SD 14.1

    Broadcom Employee
    Posted Jan 18, 2019 06:26 PM

    A connector entry like mentioned here might help, assuming the Tomcat/Java version that you are using does support TLS 1.2

     

    Enable SSL in Tomcat for CA Service Desk Manager u - CA Knowledge 

     

    <Connector SSLEnabled="true" 

    ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_ CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_C BC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CB C_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC _SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WI TH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA" 

    clientAuth="false" keystoreFile="C:\keystore\sdmcert.pfx" 

    keystorePass="YOURPASSWORD" keystoreType="PKCS12" 

    maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS"/>

     

    _R



  • 3.  Re: Configure Tomcat for TLSv1.2 on CA SD 14.1

    Posted Mar 01, 2019 06:59 AM

    Hi,

    This configuration does not change the protocol used, which will always be TLS V1.0, even if I only sslEnabledProtocols="TLSv1.2".