Disable TLS v1.0, TLS v1.1 and all weaker ciphers on TLS v1.2 on UX

twong · January 13, 2022, 1:08am

Hi all,

We have a requirement to disable TLS v1.0, TLS v1.1 and all weaker ciphers on TLS v1.2 on Apliqo UX, I understand we may need to modify the configurations on tomcat.

However, what I do not understand is:

What exactly do I need to modify? I have searched many websites and each seems saying different things and I am pretty clueless of what is correct and what is wrong.
When there is an upgrade of Apliqo UX in the future, do I need to re-apply all these settings all over again? It seems to be quite painful already doing the research and I don’t feel like doing this again.

Thanks a lot in advance.

Tat

srichardson · January 13, 2022, 2:18am

Hi Tat,

I would first refer to the official documentation.
https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

Where you define the SSL connector is where you would need to configure the TLS version.

Another useful thread to look at:

<Connector port="8443" 
 protocol="org.apache.coyote.http11.Http11Protocol"
 maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
 keystoreFile="ssl/.keystore" keystorePass="changeit"
 clientAuth="false" sslProtocol="SSL" sslEnabledProtocols="TLSv1.2" />