Hi,
I'm trying to create a Java SSL connector that accepts only TLSv1.1 connections to my application.
This is my connector:
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="49154" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/.../sslKeyStore.jks"
           keystorePass="..."
           clientAuth="true"
           sslProtocol="TLSv1.1"
           ciphers="TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA"/>
But this connector also accepts TLSv1, TLSv1.2 and SSL3.
Only SSL2 is unsupported.
If I don't define sslProtocol="..." in my connector at all I get the same result, which is very strange to me.
I'm using JDK7 and, I think, this is why it supports all TLS versions;
see: http://docs.oracle.com/javase/7/docs/technotes/guides/security/enhancements-7.html
"The SunJSSE provider now supports TLS 1.1 as described in RFC 4346. The most important update is protection against cipher block chaining (CBC) attacks."
What I want to achieve is to accept only handshakes using the TLSv1.1 protocol; for any other handshake the connector should say something like
"Unsupported SSL v2.0 ClientHello"
which is what my connector already does for the SSL2 protocol.
Is that possible?
The connector runs on JBoss AS 4.2.3, and for the SSL handshake I'm using openssl.
Regards
zemt3x
Hi,
I have the same issue with JBoss 6A & Java 7. I set sslProtocol="TLS1.1" in server.xml, but when I send a WS via JBoss, TLS1 is used.
Regards,
Mehran.
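The behaviour both posts describe, shown in plain JSSE as an added example (this is not code from either poster, from JBoss or from Tomcat): the string given to SSLContext.getInstance(...), which is what the connector's sslProtocol attribute ends up selecting, names the context implementation and fixes the set of protocols it *supports*; it does not restrict which versions a server socket created from that context will *negotiate*. On JDK7 a server-mode socket or engine from a "TLSv1.1" context still enables SSLv3, TLSv1, TLSv1.1 and TLSv1.2 (plus SSLv2Hello), which is exactly the symptom above. The restriction is a per-socket setting, setEnabledProtocols(...). To my recollection the connector attribute that feeds that call is sslEnabledProtocols in Tomcat 6.0.38+/7 and protocols in JBoss Web; treat those names as an assumption and check the connector reference for your JBoss Web version. The class name TlsVersionCheck, the helper names, and the use of port 0 are my own choices; nothing here needs a keystore except an actual handshake against a real server.

```java
import java.io.IOException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;

public class TlsVersionCheck {

    /** Protocols a server-mode engine built from SSLContext.getInstance(name) enables by default. */
    static String[] enabledByDefault(String contextName) throws Exception {
        SSLContext ctx = SSLContext.getInstance(contextName);
        ctx.init(null, null, null);      // default key/trust managers; no keystore needed to inspect
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);  // server side, as in the connector
        return engine.getEnabledProtocols();
    }

    /** The actual fix: enabled protocols are set on the socket, not via the context name. */
    static SSLServerSocket serverSocketRestrictedTo(SSLContext ctx, int port, String... protocols)
            throws IOException {
        SSLServerSocket ss = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        ss.setEnabledProtocols(protocols);  // e.g. only "TLSv1.1"
        ss.setNeedClientAuth(true);         // mirrors clientAuth="true" in the posted connector
        return ss;
    }

    /** Probe a running server with exactly one protocol version enabled on the client side. */
    static String probe(String host, int port, String protocol) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            s.setEnabledProtocols(new String[] { protocol });
            s.startHandshake();
            return "accepted, negotiated " + s.getSession().getProtocol();
        } catch (IOException | IllegalArgumentException e) {
            // protocol_version / handshake_failure alerts arrive during ServerHello;
            // trust or client-certificate failures come later and carry different messages
            return "rejected: " + e.getMessage();
        } finally {
            s.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // 1. What sslProtocol="TLSv1.1" on its own buys you: compare against the generic "TLS" context.
        System.out.println("TLSv1.1 context, server mode: " + Arrays.toString(enabledByDefault("TLSv1.1")));
        System.out.println("TLS context,     server mode: " + Arrays.toString(enabledByDefault("TLS")));

        // 2. The restriction applied per socket (port 0 = any free port; closed again immediately).
        SSLContext ctx = SSLContext.getInstance("TLSv1.1");
        ctx.init(null, null, null);
        SSLServerSocket ss = serverSocketRestrictedTo(ctx, 0, "TLSv1.1");
        System.out.println("after setEnabledProtocols: " + Arrays.toString(ss.getEnabledProtocols()));
        ss.close();

        // 3. Optional: java TlsVersionCheck <host> <port> probes a live connector one version at a time.
        if (args.length == 2) {
            for (String p : new String[] { "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" }) {
                System.out.println(p + " -> " + probe(args[0], Integer.parseInt(args[1]), p));
            }
        }
    }
}
```

Two caveats when probing the connector from the posts. The connector has clientAuth="true", so without a client keystore the handshake will fail even for TLSv1.1; the difference is in the message: a version the server refuses is rejected at ServerHello with a protocol_version or handshake_failure alert, whereas a version it accepts fails later with a certificate-related message (and a self-signed server certificate fails trust validation at the same later stage). The same distinction shows up with the openssl client the first poster is already using: openssl s_client -connect host:port -tls1 (or -tls1_1, -tls1_2, -ssl3 where the build still supports it) prints the negotiated protocol on success and the alert on refusal.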