diff options
author | Christina Fu <cfu@redhat.com> | 2014-11-21 17:30:55 -0800 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2014-11-24 13:19:13 -0800 |
commit | 025e4e643911dcb277d9d0efb0e6d7533a679e71 (patch) | |
tree | e2a58f5901232611150e171a8284df45662840e1 /base/server/share | |
parent | c0e3716fe43b87139bae57dba992fe0376bd215d (diff) | |
download | pki-025e4e643911dcb277d9d0efb0e6d7533a679e71.tar.gz pki-025e4e643911dcb277d9d0efb0e6d7533a679e71.tar.xz pki-025e4e643911dcb277d9d0efb0e6d7533a679e71.zip |
Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade
Diffstat (limited to 'base/server/share')
-rw-r--r-- | base/server/share/conf/server.xml | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/base/server/share/conf/server.xml b/base/server/share/conf/server.xml index 8fbdf0f7e..306ebf25b 100644 --- a/base/server/share/conf/server.xml +++ b/base/server/share/conf/server.xml @@ -142,6 +142,9 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) 'ssl2Ciphers' 'ssl3Ciphers' 'tlsCiphers' + 'sslVersionRangeStream' + 'sslVersionRangeDatagram' + 'sslRangeCiphers' 'serverCertNickFile' 'passwordFile' 'passwordClass' @@ -184,12 +187,15 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) ocspMinCacheEntryDuration="60" ocspMaxCacheEntryDuration="120" ocspTimeout="10" - strictCiphers="false" + strictCiphers="true" clientAuth="[PKI_AGENT_CLIENTAUTH]" sslOptions="[TOMCAT_SSL_OPTIONS]" ssl2Ciphers="[TOMCAT_SSL2_CIPHERS]" ssl3Ciphers="[TOMCAT_SSL3_CIPHERS]" tlsCiphers="[TOMCAT_TLS_CIPHERS]" + sslVersionRangeStream="[TOMCAT_SSL_VERSION_RANGE_STREAM]" + sslVersionRangeDatagram="[TOMCAT_SSL_VERSION_RANGE_DATAGRAM]" + sslRangeCiphers="[TOMCAT_SSL_RANGE_CIPHERS]" serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf" passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf" passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile" |