--- webapps/docs/config/http.xml (revision 1392879)
+++ webapps/docs/config/http.xml (working copy)
@@ -1190,9 +1190,10 @@
Protocol which may be used for communicating with clients. The default
- value is all
, which is equivalent to SSLv3+TLSv1
- with other acceptable values being SSLv2
,
- SSLv3
, TLSv1
and any combination of the three
+ value is all
, which is equivalent to
+ SSLv3+TLSv1+TLSv1.1+TLSv1.2
with other acceptable values being
+ SSLv2
, SSLv3
, TLSv1
, TLSv1.1
,
+ TLSv1.2
and any combination of the three
protocols concatenated with a plus sign. Note that the protocol
SSLv2
is inherently unsafe.
* SSL_PROTOCOL_SSLV2 * SSL_PROTOCOL_SSLV3 - * SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3 * SSL_PROTOCOL_TLSV1 + * SSL_PROTOCOL_TLSV1_1 + * SSL_PROTOCOL_TLSV1_2 * SSL_PROTOCOL_ALL ** @param mode SSL mode to use
--- java/org/apache/tomcat/jni/SSL.java (revision 1392879)
+++ java/org/apache/tomcat/jni/SSL.java (working copy)
@@ -71,7 +71,9 @@
 public static final int SSL_PROTOCOL_SSLV2 = (1<<0);
 public static final int SSL_PROTOCOL_SSLV3 = (1<<1);
 public static final int SSL_PROTOCOL_TLSV1 = (1<<2);
- public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1);
+ public static final int SSL_PROTOCOL_TLSV1_1 = (1<<3);
+ public static final int SSL_PROTOCOL_TLSV1_2 = (1<<4);
+ public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2);
 /*
 * Define the SSL verify levels
--- java/org/apache/tomcat/jni/socket/AprSocketContext.java (revision 1392879)
+++ java/org/apache/tomcat/jni/socket/AprSocketContext.java (working copy)
@@ -193,7 +193,7 @@
 protected boolean useSendfile;
- int sslProtocol = SSL.SSL_PROTOCOL_TLSV1 | SSL.SSL_PROTOCOL_SSLV3;
+ int sslProtocol = SSL.SSL_PROTOCOL_TLSV1_2 | SSL.SSL_PROTOCOL_TLSV1_1 | SSL.SSL_PROTOCOL_TLSV1 | SSL.SSL_PROTOCOL_SSLV3;
 /**
 * Max time spent in a callback ( will be longer for blocking )
@@ -314,6 +314,10 @@
 sslProtocol = SSL.SSL_PROTOCOL_SSLV3;
 } else if ("TLSv1".equalsIgnoreCase(protocol)) {
 sslProtocol = SSL.SSL_PROTOCOL_TLSV1;
+ } else if ("TLSv1.1".equalsIgnoreCase(protocol)) {
+ sslProtocol = SSL.SSL_PROTOCOL_TLSV1_1;
+ } else if ("TLSv1.2".equalsIgnoreCase(protocol)) {
+ sslProtocol = SSL.SSL_PROTOCOL_TLSV1_2;
 } else if ("all".equalsIgnoreCase(protocol)) {
 sslProtocol = SSL.SSL_PROTOCOL_ALL;
 }
--- java/org/apache/tomcat/util/net/AprEndpoint.java (revision 1392879)
+++ java/org/apache/tomcat/util/net/AprEndpoint.java (working copy)
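Review bot: `SSL_PROTOCOL_ALL` in SSL.java still ORs in `SSL_PROTOCOL_SSLV3`, so "all" (which the http.xml text in this patch documents as the default) keeps SSLv3 negotiable next to the new TLSv1.1/TLSv1.2 bits; the default `sslProtocol` mask in AprSocketContext.java has the same problem. Consider making SSLv3 opt-in by name, e.g. `public static final int SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2);`, and adjusting the documentation to match. The two new constants also have no comment; they presumably must equal the protocol flag values of the native library (not shown here), so a line such as `/* values must match the native library's protocol flags; confirm the minimum native version that defines TLSv1.1/TLSv1.2 */` would help the next maintainer.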
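Review bot: The default for `sslProtocol` in AprSocketContext.java (hunk at line 193) spells out the same four bits that `SSL.SSL_PROTOCOL_ALL` now defines, so the two definitions will drift the next time a protocol is added or retired. `int sslProtocol = SSL.SSL_PROTOCOL_ALL;` yields the same value according to the SSL.java hunk and keeps a single definition of the default.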
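Review bot: The protocol chain in AprSocketContext.java (hunk at line 314) ends with a bare `}` after the "all" branch, so an unrecognised or mistyped protocol string leaves `sslProtocol` at its broad default instead of being rejected, and a configuration meant to restrict protocols fails open. A final branch such as `} else { throw new IllegalArgumentException("Unsupported SSL protocol: " + protocol); }` (or at least a warning log, depending on what callers expect) would make the mistake visible. Each branch also assigns with `=`, so as far as this hunk shows only a single protocol name is accepted here, whereas http.xml describes plus-sign combinations and AprEndpoint.java accumulates with `|=`; the enclosing method starts outside the hunk, so any splitting done earlier is not visible.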
@@ -515,6 +515,10 @@
 value |= SSL.SSL_PROTOCOL_SSLV3;
 } else if ("TLSv1".equalsIgnoreCase(protocol)) {
 value |= SSL.SSL_PROTOCOL_TLSV1;
+ } else if ("TLSv1.1".equalsIgnoreCase(protocol)) {
+ value |= SSL.SSL_PROTOCOL_TLSV1_1;
+ } else if ("TLSv1.2".equalsIgnoreCase(protocol)) {
+ value |= SSL.SSL_PROTOCOL_TLSV1_2;
 } else if ("all".equalsIgnoreCase(protocol)) {
 value |= SSL.SSL_PROTOCOL_ALL;
 } else {
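Review bot: This name-to-bit chain in AprEndpoint.java is now a second hand-maintained copy of the one in AprSocketContext.java, and the two already differ (`|=` with an `else` branch here, plain `=` and no `else` there). Moving the mapping into one shared static helper that returns the `SSL.SSL_PROTOCOL_*` bit for a name, and rejects unknown names, would keep both endpoints consistent when protocols are added or retired. The body of the trailing `else` lies outside the hunk, so how unknown tokens are handled here cannot be confirmed from this view.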