
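--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1190,9 +1190,10 @@
 
     <attribute name="SSLProtocol" required="false">
       <p>Protocol which may be used for communicating with clients. The default
-      value is <code>all</code>, which is equivalent to <code>SSLv3+TLSv1</code>
-      with other acceptable values being <code>SSLv2</code>,
-      <code>SSLv3</code>, <code>TLSv1</code> and any combination of the three
+      value is <code>all</code>, which is equivalent to
+      <code>SSLv3+TLSv1+TLSv1.1+TLSv1.2</code> with other acceptable values being
+      <code>SSLv2</code>, <code>SSLv3</code>, <code>TLSv1</code>, <code>TLSv1.1</code>,
+      <code>TLSv1.2</code> and any combination of the three
       protocols concatenated with a plus sign. Note that the protocol
       <code>SSLv2</code> is inherently unsafe.</p>
     </attribute>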
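--- a/webapps/docs/ssl-howto.xml
+++ b/webapps/docs/ssl-howto.xml
@@ -369,7 +369,7 @@
            scheme="https" secure="true" SSLEnabled="true"
            SSLCertificateFile="/usr/local/ssl/server.crt"
            SSLCertificateKeyFile="/usr/local/ssl/server.pem"
-           SSLVerifyClient="optional" SSLProtocol="TLSv1"/&gt;
+           SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/&gt;
 </source>
 </p>
 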
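--- a/java/org/apache/tomcat/jni/SSLContext.java
+++ b/java/org/apache/tomcat/jni/SSLContext.java
@@ -29,12 +29,13 @@
     /**
      * Initialize new SSL context
      * @param pool The pool to use.
-     * @param protocol The SSL protocol to use. It can be one of:
+     * @param protocol The SSL protocol to use. It can be bitwise OR of the following:
      * <PRE>
      * SSL_PROTOCOL_SSLV2
      * SSL_PROTOCOL_SSLV3
-     * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3
      * SSL_PROTOCOL_TLSV1
+     * SSL_PROTOCOL_TLSV1_1
+     * SSL_PROTOCOL_TLSV1_2
      * SSL_PROTOCOL_ALL
      * </PRE>
      * @param mode SSL mode to use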
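Review bot: The reworded `@param protocol` text on new line 32 says the value is a bitwise OR of the listed flags, yet the list still contains `SSL_PROTOCOL_ALL`, which SSL.java in this commit defines as a combination itself, and it lists `SSL_PROTOCOL_SSLV2` without the warning that http.xml carries. I would add one Javadoc line after `</PRE>`, for example `* SSL_PROTOCOL_ALL is a predefined combination; SSL_PROTOCOL_SSLV2 is inherently unsafe.` The Javadoc block and the method it documents continue past the end of the hunk.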
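--- a/java/org/apache/tomcat/jni/SSL.java
+++ b/java/org/apache/tomcat/jni/SSL.java
@@ -71,7 +71,9 @@
     public static final int SSL_PROTOCOL_SSLV2 = (1<<0);
     public static final int SSL_PROTOCOL_SSLV3 = (1<<1);
     public static final int SSL_PROTOCOL_TLSV1 = (1<<2);
-    public static final int SSL_PROTOCOL_ALL   = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
+    public static final int SSL_PROTOCOL_TLSV1_1 = (1<<3);
+    public static final int SSL_PROTOCOL_TLSV1_2 = (1<<4);
+    public static final int SSL_PROTOCOL_ALL   = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2);
 
     /*
      * Define the SSL verify levels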
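Review bot: `SSL_PROTOCOL_ALL` on new line 76 gains TLS 1.1 and 1.2 but still ORs in `SSL_PROTOCOL_SSLV3`, so every caller that maps "all" to this constant keeps offering an obsolete protocol by default. That covers the `all` branches in `AprEndpoint` and `AprSocketContext` shown on this page, and the same flag is repeated in the `sslProtocol` field initialiser in `AprSocketContext`. Consider limiting the constant to the TLS bits, `public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2);`, with the `all` description in http.xml adjusted to match. The new `(1<<3)` and `(1<<4)` values presumably have to agree with the native library's definitions, which this page does not show; a short comment above the constants saying so would help.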
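--- a/java/org/apache/tomcat/jni/socket/AprSocketContext.java
+++ b/java/org/apache/tomcat/jni/socket/AprSocketContext.java
@@ -193,7 +193,7 @@
 
     protected boolean useSendfile;
 
-    int sslProtocol = SSL.SSL_PROTOCOL_TLSV1 | SSL.SSL_PROTOCOL_SSLV3;
+    int sslProtocol = SSL.SSL_PROTOCOL_TLSV1_2 | SSL.SSL_PROTOCOL_TLSV1_1 | SSL.SSL_PROTOCOL_TLSV1 | SSL.SSL_PROTOCOL_SSLV3;
 
     /**
      * Max time spent in a callback ( will be longer for blocking )
@@ -314,6 +314,10 @@
             sslProtocol = SSL.SSL_PROTOCOL_SSLV3;
         } else if ("TLSv1".equalsIgnoreCase(protocol)) {
             sslProtocol = SSL.SSL_PROTOCOL_TLSV1;
+        } else if ("TLSv1.1".equalsIgnoreCase(protocol)) {
+            sslProtocol = SSL.SSL_PROTOCOL_TLSV1_1;
+        } else if ("TLSv1.2".equalsIgnoreCase(protocol)) {
+            sslProtocol = SSL.SSL_PROTOCOL_TLSV1_2;
         } else if ("all".equalsIgnoreCase(protocol)) {
             sslProtocol = SSL.SSL_PROTOCOL_ALL;
         }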
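Review bot: The field initialiser on new line 196 spells out the same four flags that `SSL.SSL_PROTOCOL_ALL` is defined as in this commit, so the two defaults can drift apart the next time a protocol is added or dropped; `int sslProtocol = SSL.SSL_PROTOCOL_ALL;` keeps a single definition. In the second hunk the new `TLSv1.1` and `TLSv1.2` branches assign one flag each, unlike the `value |=` chain in `AprEndpoint`. A plus-separated value therefore presumably matches no branch here, and what happens to an unmatched value is decided outside the hunk. The setter containing that chain starts before line 314.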
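--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -515,6 +515,10 @@
                         value |= SSL.SSL_PROTOCOL_SSLV3;
                     } else if ("TLSv1".equalsIgnoreCase(protocol)) {
                         value |= SSL.SSL_PROTOCOL_TLSV1;
+                    } else if ("TLSv1.1".equalsIgnoreCase(protocol)) {
+                        value |= SSL.SSL_PROTOCOL_TLSV1_1;
+                    } else if ("TLSv1.2".equalsIgnoreCase(protocol)) {
+                        value |= SSL.SSL_PROTOCOL_TLSV1_2;
                     } else if ("all".equalsIgnoreCase(protocol)) {
                         value |= SSL.SSL_PROTOCOL_ALL;
                     } else {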
