How to disable SSLv3 from Tomcat and define which protocols should be used?

Tomcat has server.xml file which can configured to use required protocols by editing/adding following attributes to connector element: ..\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\server.xml or ..\Ubisecure\ubilogin-sso\ubilogin\config\tomcat\conf\server.xml if custom\tomcat doesn’t contain the file.

server.xml

<Connector

port="8443"

scheme="https" secure="true"

proxyName="sso.example.com" proxyPort="8443"

maxThreads="150" protocol="HTTP/1.1"

useBodyEncodingForURI="true" maxHttpHeaderSize="65536"

SSLEnabled="true"

sslProtocol="TLS" clientAuth="false"

sslEnabledProtocols=”TLSv1.1,TLSv1”

…

/>

After changes run tomcat/update.cmd

Related articles

Page:

Disable SSLv3 from Tomcat
Page:

SSO Tomcat and Java vulnerabilities

Browser not supported