Disable SSLv3 from Tomcat

Owned by Former user (Deleted)
Last updated: 2019-06-18 by Former user (Deleted)
1 min read

How to disable SSLv3 from Tomcat and define which protocols should be used?


Tomcat has server.xml file which can configured to use required protocols by editing/adding following attributes to connector element: ..\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\server.xml or ..\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\conf\server.xml if custom\tomcat doesn’t contain the file.


server.xml

<Connector

port="8443" 

scheme="https" secure="true"

proxyName="sso.example.com" proxyPort="8443"

maxThreads="150" protocol="HTTP/1.1"

useBodyEncodingForURI="true" maxHttpHeaderSize="65536"

SSLEnabled="true"

sslProtocol="TLS" clientAuth="false"

sslEnabledProtocols=”TLSv1.1,TLSv1”

/>

After changes run tomcat/update.cmd



Ubisecure Privacy Policy & Cookie Statement