How to change TLS from 1.0 to 1.1

16 views
Skip to first unread message

Andrea Colajacomo

unread,
Jul 17, 2022, 11:59:43 AMJul 17
to CAS Community
Hi all,
we have a version of CAS now not very recent (6.1) and we urgently need to disable TLS 1.0 in favor of TLS 1.1, but it is not clear to us how we can do it nor have we found anything in the documentation. Can anyone help us ?

Thanks to all
Andrea

Andrew Marker

unread,
Jul 18, 2022, 9:05:07 AMJul 18
to cas-...@apereo.org
I think that is actually managed in the application server: Tomcat for example.  So the settings and how you configure it will be determined the how your deploy and what you're using to run CAS.


Many of the settings like this can be set in configuration or as a startup parameter. Below are examples ripped from the documentation, not a recommendation.

<Connector
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/usr/local/ssl/server.crt"
           SSLCertificateKeyFile="/usr/local/ssl/server.pem"
           SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/>




--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/eb52635b-2fa0-4f11-b000-43bcc937931bn%40apereo.org.

King, Robert

unread,
Jul 18, 2022, 9:45:37 AMJul 18
to cas-...@apereo.org

Alternatively, if you are running embedded Tomcat as part of the WAR:

 

https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties.html#embedded-container

 

I believe the options you would need are:

 

server.ssl.protocol=TLS

server.ssl.enabled-protocols=TLSv1.1,TLSv1.2

 

Reply all
Reply to author
Forward
0 new messages