最近 audit 部门要求升级TLSv1.2, 参考网上的文章:
How to configure Apache Tomcat for TLS 1.2 only (igel.com)
java - How can I disable TLSv1.0 with spring boot and embedded tomcat? - Stack Overflow
在server.xml 中修改:
Before: sslProtocol="TLS"
After: sslProtocol="TLSv1.2" sslEnabledProtocols ="TLSv1.2"
后来测试: sslProtocol="TLS" sslEnabledProtocols ="TLSv1.2"好像也可以。
测试方法:1: 上面修改后,restart tomcat
2: 执行下面的命令:
openssl s_client -connect localhost:8443 -tls1
openssl s_client -connect localhost:8443 -tls1_1
openssl s_client -connect localhost:8443 -tls1_2 (只有这条命令有返回SSL 的信息)
参考文章:
How to configure Apache Tomcat for TLS 1.2 only (igel.com)
java - How can I disable TLSv1.0 with spring boot and embedded tomcat? - Stack Overflow