添加配置项:protocols="TLSv1.2"
<Connector executor="tomcatThreadPool"
port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="30000"
keepAliveTimeout="60000"
maxKeepAliveRequests="150"
URIEncoding="UTF-8"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="102400"
maxPostSize="4194304"
acceptorThreadCount="16"
acceptCount="500"
compression="on"
compressionMinSize="2048"
useSendfile="false"
noCompressionUserAgents="gozilla,traviata"
compressibleMimeType="text/html,text/xml,text/javascript,text/css,text/plain"
SSLEnabled="true">
<SSLHostConfig>
protocols="TLSv1.2"
<Certificate certificateKeystoreFile="ssl/123.jks"
certificateKeystorePassword="123456"
type="RSA" />
</SSLHostConfig>
</Connector>
其它版本:
tomcat使用TLS1.2:添加配置sslEnabledProtocols="TLSv1.2"
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="conf/domains.jks"
keystorePass="xxxxxxxx"
clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"/>
java中禁用TLS1.0:
jdk安装目录下jre/lib/security/java.security中修改以下配置(添加TLSv1禁用):
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC
标签:TLS,1.0,1.2,Tomcat,禁用,TLSv1.2,添加 From: https://www.cnblogs.com/wxwgk/p/16938277.html