How to change TLS from 1.0 to 1.1


Andrea Colajacomo

Jul 17, 2022, 11:59:43 AM
to CAS Community
Hi all,
we have a version of CAS that is not very recent (6.1) and we urgently need to disable TLS 1.0 in favor of TLS 1.1, but it is not clear to us how we can do it, nor have we found anything in the documentation. Can anyone help us?

Thanks to all
Andrea

Andrew Marker

Jul 18, 2022, 9:05:07 AM
to cas-...@apereo.org
I think that is actually managed in the application server: Tomcat, for example. So the settings and how you configure it will be determined by how you deploy and what you're using to run CAS.


Many of the settings like this can be set in configuration or as a startup parameter. Below are examples ripped from the documentation, not a recommendation.

<Connector
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/usr/local/ssl/server.crt"
           SSLCertificateKeyFile="/usr/local/ssl/server.pem"
           SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/>





King, Robert

Jul 18, 2022, 9:45:37 AM
to cas-...@apereo.org

Alternatively, if you are running embedded Tomcat as part of the WAR:

https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties.html#embedded-container

I believe the options you would need are:

server.ssl.protocol=TLS
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
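Added example, not part of any post in this thread and not CAS or Tomcat project code: a Python check that reads the two kinds of setting quoted above and reports whether TLS 1.0 is still enabled, matching whole protocol names so that `TLSv1.1` is not mistaken for `TLSv1`. The sample inputs are constructed from the snippets in the thread; the function names and the treatment of `all` or a missing attribute as "every version" are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the two snippets quoted in the thread.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
             port="8443" scheme="https" secure="true" SSLEnabled="true"
             SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/>
</Service></Server>"""
CAS_PROPERTIES = """server.ssl.protocol=TLS
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
"""
ALL_VERSIONS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def split_protocols(value):
    """Split 'TLSv1+TLSv1.1' or 'TLSv1.1,TLSv1.2' into whole protocol names."""
    names = [p.strip() for p in re.split(r"[+,]", value) if p.strip()]
    # Assumption: 'all' is read conservatively as every version being enabled.
    return list(ALL_VERSIONS) if any(n.lower() == "all" for n in names) else names


def connector_protocols(server_xml):
    """Map port -> enabled protocols for each SSL-enabled Connector."""
    result = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() == "true":
            # Assumption: a missing SSLProtocol attribute is treated like 'all'.
            result[conn.get("port")] = split_protocols(conn.get("SSLProtocol", "all"))
    return result


def property_protocols(text):
    """Return the server.ssl.enabled-protocols list, or None if the key is unset."""
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "server.ssl.enabled-protocols":
            return split_protocols(value)
    return None


def still_enabled(protocols, unwanted=("TLSv1",)):
    """Return the unwanted protocol versions that the setting still enables."""
    return [p for p in protocols if p in unwanted]


if __name__ == "__main__":
    for port, protos in connector_protocols(SERVER_XML).items():
        print("server.xml port", port, "still enables:", still_enabled(protos))
    print("properties still enable:", still_enabled(property_protocols(CAS_PROPERTIES)))
```

Pass `unwanted=("TLSv1", "TLSv1.1")` to flag TLS 1.1 as well, which RFC 8996 deprecates together with TLS 1.0.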
