I'm attempting to disable SSLv3 by specifying the sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" in my HTTP connector, but it is not disabling it. Looking at catalina.out I see this logged warning:
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslEnabledProtocols' to 'TLSv1,TLSv1.1,TLSv1.2' did not find a matching property.
The host is running Tomcat 6.0.41 with Java 7u65.
Bugzilla is not a support forum. Please use the users mailing list.
This issue has been confirmed. It affects the HTTPS NIO connector.
Fix proposed for 6.0.x
How about protocols="TLSv1,TLSv1.1,TLSv1.2" ? See bug 54691 for original introduction of sslEnabledProtocols in Tomcat 6.
(In reply to Konstantin Kolinko from comment #4)
> How about protocols="TLSv1,TLSv1.1,TLSv1.2" ?
>
> See bug 54691 for original introduction of sslEnabledProtocols in Tomcat 6.
I see now, r1521514 was wrong as there was no "protocols" setting for Nio in Tomcat 6. Bio uses "attributes.get("protocols")" in JSSESocketFactory.initServerSocket(), but Nio has different code with NioEndpoint.createSSLEngine(). Voted for the patch.
Whoops, sorry for the oversight on the NIO connector. It looks like markt applied this patch. Is this then FIXED?
This is fixed in 6.0.x and will be included in 6.0.x onwards.
> This is fixed in 6.0.x and will be included in 6.0.x onwards.
in 6.0.43 onwards.
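Added example, not part of the bug thread or Tomcat's own code: the warning quoted in the report means the connector silently ignored a TLS restriction, so SSLv3 stayed enabled while the configuration looked hardened. The script below scans catalina.out lines for that warning and flags the ones that drop a TLS-related Connector attribute. The `TLS_ATTRS` list, the function names and the sample log (apart from the warning line copied from the report) are assumptions made for this example.

```python
import re
from collections import namedtuple

# Connector attributes whose silent rejection weakens TLS configuration.
# Illustrative list assumed for this example, not an exhaustive reference.
TLS_ATTRS = {"sslenabledprotocols", "protocols", "sslprotocol", "ciphers", "clientauth"}

# Shape of the warning quoted in the bug report.
WARNING_RE = re.compile(
    r"\[(?P<rule>\w+)\]\{(?P<element>[^}]+)\} Setting property '(?P<name>[^']*)' "
    r"to '(?P<value>[^']*)' did not find a matching property"
)

Ignored = namedtuple("Ignored", "line_no element name value tls_related")


def find_ignored_properties(lines):
    """Return one record per 'did not find a matching property' warning."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        m = WARNING_RE.search(line)
        if m:
            findings.append(Ignored(line_no, m["element"], m["name"], m["value"],
                                    m["name"].lower() in TLS_ATTRS))
    return findings


def tls_settings_ignored(lines):
    """Keep only warnings where a Connector dropped a TLS-related attribute."""
    return [f for f in find_ignored_properties(lines)
            if f.tls_related and f.element.endswith("Connector")]


# Constructed sample log. Line 2 is the warning from the report; the rest is invented.
SAMPLE_LOG = """\
INFO: Initializing Coyote HTTP/1.1 on http-8443
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslEnabledProtocols' to 'TLSv1,TLSv1.1,TLSv1.2' did not find a matching property.
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'exampleAttr' to 'true' did not find a matching property.
INFO: Server startup in 1234 ms
""".splitlines()

if __name__ == "__main__":
    for f in tls_settings_ignored(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.element} ignored {f.name}='{f.value}'; "
              "the protocol restriction is NOT in effect")
```

A hit from this check means the listener should be treated as unrestricted until the attribute is accepted, which per this thread requires 6.0.43 or later for the HTTPS NIO connector.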